@redmix/api 9.0.0-canary.580 → 9.0.0-canary.582

package/dist/cjs/auth/verifiers/base64Sha256Verifier.js

@@ -0,0 +1,77 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var base64Sha256Verifier_exports = {};
+__export(base64Sha256Verifier_exports, {
+  default: () => base64Sha256Verifier_default,
+  verifySignature: () => verifySignature
+});
+module.exports = __toCommonJS(base64Sha256Verifier_exports);
+var import_crypto = require("crypto");
+var import_common = require("./common.js");
+function toNormalizedJsonString(payload) {
+  return JSON.stringify(payload).replace(/[^\\]\\u[\da-f]{4}/g, (s) => {
+    return s.slice(0, 3) + s.slice(3).toUpperCase();
+  });
+}
+const createSignature = ({
+  payload,
+  secret = import_common.DEFAULT_WEBHOOK_SECRET
+}) => {
+  const algorithm = "sha256";
+  const hmac = (0, import_crypto.createHmac)(algorithm, Buffer.from(secret, "base64"));
+  payload = typeof payload === "string" ? payload : toNormalizedJsonString(payload);
+  const digest = hmac.update(payload).digest();
+  return digest.toString("base64");
+};
+const verifySignature = ({
+  payload,
+  secret = import_common.DEFAULT_WEBHOOK_SECRET,
+  signature
+}) => {
+  try {
+    const webhookSignature = Buffer.from(signature || "", "base64");
+    const hmac = (0, import_crypto.createHmac)("sha256", Buffer.from(secret, "base64"));
+    payload = typeof payload === "string" ? payload : toNormalizedJsonString(payload);
+    const digest = hmac.update(payload).digest();
+    if (webhookSignature.length === digest.length && (0, import_crypto.timingSafeEqual)(digest, webhookSignature)) {
+      return true;
+    }
+    throw new import_common.WebhookVerificationError();
+  } catch (error) {
+    throw new import_common.WebhookVerificationError(
+      `${import_common.VERIFICATION_ERROR_MESSAGE}: ${error.message}`
+    );
+  }
+};
+const base64Sha256Verifier = (_options) => {
+  return {
+    sign: ({ payload, secret }) => {
+      return createSignature({ payload, secret });
+    },
+    verify: ({ payload, secret, signature }) => {
+      return verifySignature({ payload, secret, signature });
+    },
+    type: "base64Sha256Verifier"
+  };
+};
+var base64Sha256Verifier_default = base64Sha256Verifier;
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  verifySignature
+});

package/dist/cjs/auth/verifiers/common.d.ts

@@ -0,0 +1,104 @@
+import type { Base64Sha1Verifier } from './base64Sha1Verifier.js';
+import type { Base64Sha256Verifier } from './base64Sha256Verifier.js';
+import type { JwtVerifier } from './jwtVerifier.js';
+import type { SecretKeyVerifier } from './secretKeyVerifier.js';
+import type { Sha1Verifier } from './sha1Verifier.js';
+import type { Sha256Verifier } from './sha256Verifier.js';
+import type { SkipVerifier } from './skipVerifier.js';
+import type { TimestampSchemeVerifier } from './timestampSchemeVerifier.js';
+export declare const verifierLookup: {
+    skipVerifier: (_options?: VerifyOptions) => SkipVerifier;
+    secretKeyVerifier: (_options?: VerifyOptions) => SecretKeyVerifier;
+    sha1Verifier: (_options?: VerifyOptions) => Sha1Verifier;
+    sha256Verifier: (_options?: VerifyOptions) => Sha256Verifier;
+    base64Sha1Verifier: (_options?: VerifyOptions) => Base64Sha1Verifier;
+    base64Sha256Verifier: (_options?: VerifyOptions) => Base64Sha256Verifier;
+    timestampSchemeVerifier: (options?: VerifyOptions) => TimestampSchemeVerifier;
+    jwtVerifier: (options?: VerifyOptions) => JwtVerifier;
+};
+export type SupportedVerifiers = SkipVerifier | SecretKeyVerifier | Sha1Verifier | Sha256Verifier | Base64Sha1Verifier | Base64Sha256Verifier | TimestampSchemeVerifier | JwtVerifier;
+export type SupportedVerifierTypes = keyof typeof verifierLookup;
+export declare const DEFAULT_WEBHOOK_SECRET: string;
+export declare const VERIFICATION_ERROR_MESSAGE = "You don't have access to invoke this function.";
+export declare const VERIFICATION_SIGN_MESSAGE = "Unable to sign payload";
+/**
+ * @const {number} DEFAULT_TOLERANCE - Five minutes
+ */
+export declare const DEFAULT_TOLERANCE: number;
+/**
+ * Class representing a WebhookError
+ * @extends Error
+ */
+declare class WebhookError extends Error {
+    /**
+     * Create a WebhookError.
+     * @param {string} message - The error message
+     * */
+    constructor(message: string);
+}
+/**
+ * Class representing a WebhookVerificationError
+ * @extends WebhookError
+ */
+export declare class WebhookVerificationError extends WebhookError {
+    /**
+     * Create a WebhookVerificationError.
+     * @param {string} message - The error message
+     * */
+    constructor(message?: string);
+}
+/**
+ * Class representing a WebhookSignError
+ * @extends WebhookError
+ */
+export declare class WebhookSignError extends WebhookError {
+    /**
+     * Create a WebhookSignError.
+     * @param {string} message - The error message
+     * */
+    constructor(message?: string);
+}
+/**
+ * VerifyOptions
+ *
+ * Used when verifying a signature based on the verifier's requirements
+ *
+ * @param {string} signatureHeader - Optional Header that contains the signature
+ * to verify. Will default to DEFAULT_WEBHOOK_SIGNATURE_HEADER
+ * @param {(signature: string) => string} signatureTransformer - Optional
+ * function that receives the signature from the headers and returns a new
+ * signature to use in the Verifier
+ * @param {number} currentTimestampOverride - Optional timestamp to use as the
+ * "current" timestamp, in msec
+ * @param {number} eventTimestamp - Optional timestamp to use as the event
+ * timestamp, in msec. If this is provided the webhook verification will fail
+ * if the eventTimestamp is too far from the current time (or the time passed
+ * as the `currentTimestampOverride` option)
+ * @param {number} tolerance - Optional tolerance in msec
+ * @param {string} issuer - Options JWT issuer for JWTVerifier
+ */
+export interface VerifyOptions {
+    signatureHeader?: string;
+    signatureTransformer?: (signature: string) => string;
+    currentTimestampOverride?: number;
+    eventTimestamp?: number;
+    tolerance?: number;
+    issuer?: string;
+}
+/**
+ * WebhookVerifier is the interface for all verifiers
+ */
+export interface WebhookVerifier {
+    sign({ payload, secret, }: {
+        payload: string | Record<string, unknown>;
+        secret: string;
+    }): string;
+    verify({ payload, secret, signature, }: {
+        payload: string | Record<string, unknown>;
+        secret: string;
+        signature: string;
+    }): boolean | WebhookVerificationError;
+    type: SupportedVerifierTypes;
+}
+export {};
+//# sourceMappingURL=common.d.ts.map

package/dist/cjs/auth/verifiers/common.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"common.d.ts","sourceRoot":"","sources":["../../../../src/auth/verifiers/common.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAA;AAEjE,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAA;AAErE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAA;AAEnD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAA;AAE/D,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAA;AAErD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAA;AAEzD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAA;AAErD,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAA;AAE3E,eAAO,MAAM,cAAc;;;;;;;;;CAS1B,CAAA;AAED,MAAM,MAAM,kBAAkB,GAC1B,YAAY,GACZ,iBAAiB,GACjB,YAAY,GACZ,cAAc,GACd,kBAAkB,GAClB,oBAAoB,GACpB,uBAAuB,GACvB,WAAW,CAAA;AAEf,MAAM,MAAM,sBAAsB,GAAG,MAAM,OAAO,cAAc,CAAA;AAEhE,eAAO,MAAM,sBAAsB,QAAmC,CAAA;AAEtE,eAAO,MAAM,0BAA0B,mDACW,CAAA;AAElD,eAAO,MAAM,yBAAyB,2BAA2B,CAAA;AAIjE;;GAEG;AACH,eAAO,MAAM,iBAAiB,QAAe,CAAA;AAE7C;;;GAGG;AACH,cAAM,YAAa,SAAQ,KAAK;IAC9B;;;SAGK;gBACO,OAAO,EAAE,MAAM;CAG5B;AAED;;;GAGG;AACH,qBAAa,wBAAyB,SAAQ,YAAY;IACxD;;;SAGK;gBACO,OAAO,CAAC,EAAE,MAAM;CAG7B;AAED;;;GAGG;AACH,qBAAa,gBAAiB,SAAQ,YAAY;IAChD;;;SAGK;gBACO,OAAO,CAAC,EAAE,MAAM;CAG7B;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,WAAW,aAAa;IAC5B,eAAe,CAAC,EAAE,MAAM,CAAA;IACxB,oBAAoB,CAAC,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,MAAM,CAAA;IACpD,wBAAwB,CAAC,EAAE,MAAM,CAAA;IACjC,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,IAAI,CAAC,EACH,OAAO,EACP,MAAM,GACP,EAAE;QACD,OAAO,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;QACzC,MAAM,EAAE,MAAM,CAAA;KACf,GAAG,MAAM,CAAA;IACV,MAAM,CAAC,EACL,OAAO,EACP,MAAM,EACN,SAAS,GACV,EAAE;QACD,OAAO,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;QACzC,MAAM,EAAE,MAAM,CAAA;QACd,SAAS,EAAE,MAAM,CAAA;KAClB,GAAG,OAAO,GAAG,wBAAwB,CAAA;IACtC,IAAI,EAAE,sBAAsB,CAAA;CAC7B"}

package/dist/cjs/auth/verifiers/common.js

@@ -0,0 +1,99 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var common_exports = {};
+__export(common_exports, {
+  DEFAULT_TOLERANCE: () => DEFAULT_TOLERANCE,
+  DEFAULT_WEBHOOK_SECRET: () => DEFAULT_WEBHOOK_SECRET,
+  VERIFICATION_ERROR_MESSAGE: () => VERIFICATION_ERROR_MESSAGE,
+  VERIFICATION_SIGN_MESSAGE: () => VERIFICATION_SIGN_MESSAGE,
+  WebhookSignError: () => WebhookSignError,
+  WebhookVerificationError: () => WebhookVerificationError,
+  verifierLookup: () => verifierLookup
+});
+module.exports = __toCommonJS(common_exports);
+var import_base64Sha1Verifier = __toESM(require("./base64Sha1Verifier.js"), 1);
+var import_base64Sha256Verifier = __toESM(require("./base64Sha256Verifier.js"), 1);
+var import_jwtVerifier = __toESM(require("./jwtVerifier.js"), 1);
+var import_secretKeyVerifier = __toESM(require("./secretKeyVerifier.js"), 1);
+var import_sha1Verifier = __toESM(require("./sha1Verifier.js"), 1);
+var import_sha256Verifier = __toESM(require("./sha256Verifier.js"), 1);
+var import_skipVerifier = __toESM(require("./skipVerifier.js"), 1);
+var import_timestampSchemeVerifier = __toESM(require("./timestampSchemeVerifier.js"), 1);
+const verifierLookup = {
+  skipVerifier: import_skipVerifier.default,
+  secretKeyVerifier: import_secretKeyVerifier.default,
+  sha1Verifier: import_sha1Verifier.default,
+  sha256Verifier: import_sha256Verifier.default,
+  base64Sha1Verifier: import_base64Sha1Verifier.default,
+  base64Sha256Verifier: import_base64Sha256Verifier.default,
+  timestampSchemeVerifier: import_timestampSchemeVerifier.default,
+  jwtVerifier: import_jwtVerifier.default
+};
+const DEFAULT_WEBHOOK_SECRET = process.env.WEBHOOK_SECRET ?? "";
+const VERIFICATION_ERROR_MESSAGE = "You don't have access to invoke this function.";
+const VERIFICATION_SIGN_MESSAGE = "Unable to sign payload";
+const FIVE_MINUTES = 5 * 6e4;
+const DEFAULT_TOLERANCE = FIVE_MINUTES;
+class WebhookError extends Error {
+  /**
+   * Create a WebhookError.
+   * @param {string} message - The error message
+   * */
+  constructor(message) {
+    super(message);
+  }
+}
+class WebhookVerificationError extends WebhookError {
+  /**
+   * Create a WebhookVerificationError.
+   * @param {string} message - The error message
+   * */
+  constructor(message) {
+    super(message || VERIFICATION_ERROR_MESSAGE);
+  }
+}
+class WebhookSignError extends WebhookError {
+  /**
+   * Create a WebhookSignError.
+   * @param {string} message - The error message
+   * */
+  constructor(message) {
+    super(message || VERIFICATION_SIGN_MESSAGE);
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  DEFAULT_TOLERANCE,
+  DEFAULT_WEBHOOK_SECRET,
+  VERIFICATION_ERROR_MESSAGE,
+  VERIFICATION_SIGN_MESSAGE,
+  WebhookSignError,
+  WebhookVerificationError,
+  verifierLookup
+});

package/dist/cjs/auth/verifiers/index.d.ts

@@ -0,0 +1,8 @@
+import type { SupportedVerifierTypes, VerifyOptions, WebhookVerifier } from './common.js';
+/**
+ * @param {SupportedVerifierTypes} type - What verification type methods used to sign and verify signatures
+ * @param {VerifyOptions} options - Options used to verify the signature based on verifiers requirements
+ */
+export declare const createVerifier: (type: SupportedVerifierTypes, options?: VerifyOptions) => WebhookVerifier;
+export * from './common.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/cjs/auth/verifiers/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/auth/verifiers/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,sBAAsB,EACtB,aAAa,EACb,eAAe,EAChB,MAAM,aAAa,CAAA;AAEpB;;;GAGG;AACH,eAAO,MAAM,cAAc,SACnB,sBAAsB,YAClB,aAAa,KACtB,eAMF,CAAA;AAED,cAAc,aAAa,CAAA"}

package/dist/cjs/auth/verifiers/index.js

@@ -0,0 +1,38 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default"));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var verifiers_exports = {};
+__export(verifiers_exports, {
+  createVerifier: () => createVerifier
+});
+module.exports = __toCommonJS(verifiers_exports);
+var import_common = require("./common.js");
+__reExport(verifiers_exports, require("./common.js"), module.exports);
+const createVerifier = (type, options) => {
+  if (options) {
+    return import_common.verifierLookup[type](options);
+  } else {
+    return import_common.verifierLookup[type]();
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createVerifier,
+  ...require("./common.js")
+});

package/dist/cjs/auth/verifiers/jwtVerifier.d.ts

@@ -0,0 +1,26 @@
+import type { WebhookVerifier, VerifyOptions } from './common.js';
+export interface JwtVerifier extends WebhookVerifier {
+    type: 'jwtVerifier';
+}
+/**
+ *
+ * verifySignature
+ *
+ */
+export declare const verifySignature: ({ payload, secret, signature, options, }: {
+    payload: string | Record<string, unknown>;
+    secret: string;
+    signature: string;
+    options: VerifyOptions | undefined;
+}) => boolean;
+/**
+ *
+ * JWT Payload Verifier
+ *
+ * Based on Netlify's webhook payload verification
+ * @see: https://docs.netlify.com/site-deploys/notifications/#payload-signature
+ *
+ */
+export declare const jwtVerifier: (options?: VerifyOptions) => JwtVerifier;
+export default jwtVerifier;
+//# sourceMappingURL=jwtVerifier.d.ts.map

package/dist/cjs/auth/verifiers/jwtVerifier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwtVerifier.d.ts","sourceRoot":"","sources":["../../../../src/auth/verifiers/jwtVerifier.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,aAAa,CAAA;AAEjE,MAAM,WAAW,WAAY,SAAQ,eAAe;IAClD,IAAI,EAAE,aAAa,CAAA;CACpB;AA2BD;;;;GAIG;AACH,eAAO,MAAM,eAAe,6CAKzB;IACD,OAAO,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IACzC,MAAM,EAAE,MAAM,CAAA;IACd,SAAS,EAAE,MAAM,CAAA;IACjB,OAAO,EAAE,aAAa,GAAG,SAAS,CAAA;CACnC,KAAG,OAmBH,CAAA;AAED;;;;;;;GAOG;AACH,eAAO,MAAM,WAAW,aAAc,aAAa,KAAG,WAUrD,CAAA;AAED,eAAe,WAAW,CAAA"}

package/dist/cjs/auth/verifiers/jwtVerifier.js

@@ -0,0 +1,86 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var jwtVerifier_exports = {};
+__export(jwtVerifier_exports, {
+  default: () => jwtVerifier_default,
+  jwtVerifier: () => jwtVerifier,
+  verifySignature: () => verifySignature
+});
+module.exports = __toCommonJS(jwtVerifier_exports);
+var import_jsonwebtoken = __toESM(require("jsonwebtoken"), 1);
+var import_common = require("./common.js");
+const createSignature = ({
+  payload,
+  secret = import_common.DEFAULT_WEBHOOK_SECRET,
+  options
+}) => {
+  try {
+    const signOptions = options?.issuer ? { issuer: options?.issuer } : void 0;
+    return import_jsonwebtoken.default.sign(payload, secret, { ...signOptions });
+  } catch (error) {
+    throw new import_common.WebhookSignError(error.message);
+  }
+};
+const verifySignature = ({
+  payload,
+  secret = import_common.DEFAULT_WEBHOOK_SECRET,
+  signature,
+  options
+}) => {
+  try {
+    if (payload === void 0 || payload?.length === 0) {
+      console.warn("Missing payload");
+    }
+    if (options?.issuer) {
+      import_jsonwebtoken.default.verify(signature, secret, { issuer: options?.issuer });
+    } else {
+      import_jsonwebtoken.default.verify(signature, secret);
+    }
+    return true;
+  } catch {
+    throw new import_common.WebhookVerificationError();
+  }
+};
+const jwtVerifier = (options) => {
+  return {
+    sign: ({ payload, secret }) => {
+      return createSignature({ payload, secret, options });
+    },
+    verify: ({ payload, secret, signature }) => {
+      return verifySignature({ payload, secret, signature, options });
+    },
+    type: "jwtVerifier"
+  };
+};
+var jwtVerifier_default = jwtVerifier;
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  jwtVerifier,
+  verifySignature
+});

package/dist/cjs/auth/verifiers/secretKeyVerifier.d.ts

@@ -0,0 +1,14 @@
+import type { WebhookVerifier, VerifyOptions } from './common.js';
+export interface SecretKeyVerifier extends WebhookVerifier {
+    type: 'secretKeyVerifier';
+}
+/**
+ *
+ * Secret Key Verifier
+ *
+ * Use when the payload is not signed, but rather authorized via a known secret key
+ *
+ */
+declare const secretKeyVerifier: (_options?: VerifyOptions) => SecretKeyVerifier;
+export default secretKeyVerifier;
+//# sourceMappingURL=secretKeyVerifier.d.ts.map

package/dist/cjs/auth/verifiers/secretKeyVerifier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secretKeyVerifier.d.ts","sourceRoot":"","sources":["../../../../src/auth/verifiers/secretKeyVerifier.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,aAAa,CAAA;AAEjE,MAAM,WAAW,iBAAkB,SAAQ,eAAe;IACxD,IAAI,EAAE,mBAAmB,CAAA;CAC1B;AAED;;;;;;GAMG;AACH,QAAA,MAAM,iBAAiB,cAAe,aAAa,KAAG,iBAgBrD,CAAA;AAED,eAAe,iBAAiB,CAAA"}

package/dist/cjs/auth/verifiers/secretKeyVerifier.js

@@ -0,0 +1,40 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var secretKeyVerifier_exports = {};
+__export(secretKeyVerifier_exports, {
+  default: () => secretKeyVerifier_default
+});
+module.exports = __toCommonJS(secretKeyVerifier_exports);
+var import_common = require("./common.js");
+const secretKeyVerifier = (_options) => {
+  return {
+    sign: ({ secret }) => {
+      return secret;
+    },
+    verify: ({ signature, secret = import_common.DEFAULT_WEBHOOK_SECRET }) => {
+      const verified = signature === secret;
+      if (!verified) {
+        throw new import_common.WebhookVerificationError();
+      }
+      return verified;
+    },
+    type: "secretKeyVerifier"
+  };
+};
+var secretKeyVerifier_default = secretKeyVerifier;

package/dist/cjs/auth/verifiers/sha1Verifier.d.ts

@@ -0,0 +1,25 @@
+import type { WebhookVerifier, VerifyOptions } from './common.js';
+export interface Sha1Verifier extends WebhookVerifier {
+    type: 'sha1Verifier';
+}
+/**
+ *
+ * verifySignature
+ *
+ */
+export declare const verifySignature: ({ payload, secret, signature, }: {
+    payload: string | Record<string, unknown>;
+    secret: string;
+    signature: string;
+}) => boolean;
+/**
+ *
+ * SHA1 HMAC Payload Verifier
+ *
+ * Based on Vercel's webhook payload verification
+ * @see https://vercel.com/docs/api#integrations/webhooks/securing-webhooks
+ *
+ */
+declare const sha1Verifier: (_options?: VerifyOptions) => Sha1Verifier;
+export default sha1Verifier;
+//# sourceMappingURL=sha1Verifier.d.ts.map

package/dist/cjs/auth/verifiers/sha1Verifier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sha1Verifier.d.ts","sourceRoot":"","sources":["../../../../src/auth/verifiers/sha1Verifier.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,aAAa,CAAA;AAEjE,MAAM,WAAW,YAAa,SAAQ,eAAe;IACnD,IAAI,EAAE,cAAc,CAAA;CACrB;AAkCD;;;;GAIG;AACH,eAAO,MAAM,eAAe,oCAIzB;IACD,OAAO,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IACzC,MAAM,EAAE,MAAM,CAAA;IACd,SAAS,EAAE,MAAM,CAAA;CAClB,KAAG,OA+BH,CAAA;AAED;;;;;;;GAOG;AACH,QAAA,MAAM,YAAY,cAAe,aAAa,KAAG,YAUhD,CAAA;AAED,eAAe,YAAY,CAAA"}

package/dist/cjs/auth/verifiers/sha1Verifier.js

@@ -0,0 +1,85 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var sha1Verifier_exports = {};
+__export(sha1Verifier_exports, {
+  default: () => sha1Verifier_default,
+  verifySignature: () => verifySignature
+});
+module.exports = __toCommonJS(sha1Verifier_exports);
+var import_crypto = require("crypto");
+var import_common = require("./common.js");
+function toNormalizedJsonString(payload) {
+  return JSON.stringify(payload).replace(/[^\\]\\u[\da-f]{4}/g, (s) => {
+    return s.substr(0, 3) + s.substr(3).toUpperCase();
+  });
+}
+const createSignature = ({
+  payload,
+  secret = import_common.DEFAULT_WEBHOOK_SECRET
+}) => {
+  const algorithm = "sha1";
+  const hmac = (0, import_crypto.createHmac)(algorithm, secret);
+  payload = typeof payload === "string" ? payload : toNormalizedJsonString(payload);
+  const digest = Buffer.from(
+    algorithm + "=" + hmac.update(payload).digest("hex"),
+    "utf8"
+  );
+  return digest.toString();
+};
+const verifySignature = ({
+  payload,
+  secret = import_common.DEFAULT_WEBHOOK_SECRET,
+  signature
+}) => {
+  try {
+    const algorithm = signature.split("=")[0];
+    const webhookSignature = Buffer.from(signature || "", "utf8");
+    const hmac = (0, import_crypto.createHmac)(algorithm, secret);
+    payload = typeof payload === "string" ? payload : toNormalizedJsonString(payload);
+    const digest = Buffer.from(
+      algorithm + "=" + hmac.update(payload).digest("hex"),
+      "utf8"
+    );
+    const verified = webhookSignature.length === digest.length && (0, import_crypto.timingSafeEqual)(digest, webhookSignature);
+    if (verified) {
+      return verified;
+    }
+    throw new import_common.WebhookVerificationError();
+  } catch (error) {
+    throw new import_common.WebhookVerificationError(
+      `${import_common.VERIFICATION_ERROR_MESSAGE}: ${error.message}`
+    );
+  }
+};
+const sha1Verifier = (_options) => {
+  return {
+    sign: ({ payload, secret }) => {
+      return createSignature({ payload, secret });
+    },
+    verify: ({ payload, secret, signature }) => {
+      return verifySignature({ payload, secret, signature });
+    },
+    type: "sha1Verifier"
+  };
+};
+var sha1Verifier_default = sha1Verifier;
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  verifySignature
+});

package/dist/cjs/auth/verifiers/sha256Verifier.d.ts

@@ -0,0 +1,25 @@
+import type { WebhookVerifier, VerifyOptions } from './common.js';
+export interface Sha256Verifier extends WebhookVerifier {
+    type: 'sha256Verifier';
+}
+/**
+ *
+ * verifySignature
+ *
+ */
+export declare const verifySignature: ({ payload, secret, signature, }: {
+    payload: string | Record<string, unknown>;
+    secret: string;
+    signature: string;
+}) => boolean;
+/**
+ *
+ * SHA256 HMAC Payload Verifier
+ *
+ * Based on GitHub's webhook payload verification
+ * @see https://docs.github.com/en/developers/webhooks-and-events/securing-your-webhooks
+ *
+ */
+declare const sha256Verifier: (_options?: VerifyOptions) => Sha256Verifier;
+export default sha256Verifier;
+//# sourceMappingURL=sha256Verifier.d.ts.map

package/dist/cjs/auth/verifiers/sha256Verifier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sha256Verifier.d.ts","sourceRoot":"","sources":["../../../../src/auth/verifiers/sha256Verifier.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,aAAa,CAAA;AAEjE,MAAM,WAAW,cAAe,SAAQ,eAAe;IACrD,IAAI,EAAE,gBAAgB,CAAA;CACvB;AAkCD;;;;GAIG;AACH,eAAO,MAAM,eAAe,oCAIzB;IACD,OAAO,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IACzC,MAAM,EAAE,MAAM,CAAA;IACd,SAAS,EAAE,MAAM,CAAA;CAClB,KAAG,OA+BH,CAAA;AAED;;;;;;;GAOG;AACH,QAAA,MAAM,cAAc,cAAe,aAAa,KAAG,cAUlD,CAAA;AAED,eAAe,cAAc,CAAA"}