@redmix/api 9.0.0-canary.581 → 9.0.0-canary.583

package/dist/cjs/auth/index.d.ts

@@ -0,0 +1,51 @@
+export * from './parseJWT.js';
+import type { APIGatewayProxyEvent, Context as LambdaContext } from 'aws-lambda';
+import type { Decoded } from './parseJWT.js';
+export type { Decoded };
+export declare const AUTH_PROVIDER_HEADER = "auth-provider";
+export declare const getAuthProviderHeader: (event: APIGatewayProxyEvent | Request) => string | null | undefined;
+export interface AuthorizationHeader {
+    schema: 'Bearer' | 'Basic' | string;
+    token: string;
+}
+export type AuthorizationCookies = {
+    parsedCookie: Record<string, string | undefined>;
+    rawCookie: string;
+    type: string | undefined;
+} | null;
+export declare const parseAuthorizationCookie: (event: APIGatewayProxyEvent | Request) => AuthorizationCookies;
+/**
+ * Split the `Authorization` header into a schema and token part.
+ */
+export declare const parseAuthorizationHeader: (event: APIGatewayProxyEvent | Request) => AuthorizationHeader;
+/** @MARK Note that we do not send LambdaContext when making fetch requests
+ *
+ * This part is incomplete, as we need to decide how we will make the breaking change to
+ * 1. getCurrentUser
+ * 2. authDecoders
+
+ */
+export type AuthContextPayload = [
+    Decoded,
+    {
+        type: string;
+    } & AuthorizationHeader,
+    {
+        event: APIGatewayProxyEvent | Request;
+        context?: LambdaContext;
+    }
+];
+export type Decoder = (token: string, type: string, req: {
+    event: APIGatewayProxyEvent | Request;
+    context?: LambdaContext;
+}) => Promise<Decoded>;
+/**
+ * Get the authorization information from the request headers and request context.
+ * @returns [decoded, { type, schema, token }, { event, context }]
+ **/
+export declare const getAuthenticationContext: ({ authDecoder, event, context, }: {
+    authDecoder?: Decoder | Decoder[];
+    event: APIGatewayProxyEvent | Request;
+    context: LambdaContext;
+}) => Promise<undefined | AuthContextPayload>;
+//# sourceMappingURL=index.d.ts.map

package/dist/cjs/auth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/auth/index.ts"],"names":[],"mappings":"AAAA,cAAc,eAAe,CAAA;AAE7B,OAAO,KAAK,EAAE,oBAAoB,EAAE,OAAO,IAAI,aAAa,EAAE,MAAM,YAAY,CAAA;AAKhF,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,eAAe,CAAA;AAC5C,YAAY,EAAE,OAAO,EAAE,CAAA;AAGvB,eAAO,MAAM,oBAAoB,kBAAkB,CAAA;AAEnD,eAAO,MAAM,qBAAqB,UACzB,oBAAoB,GAAG,OAAO,8BAStC,CAAA;AAED,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,QAAQ,GAAG,OAAO,GAAG,MAAM,CAAA;IACnC,KAAK,EAAE,MAAM,CAAA;CACd;AAED,MAAM,MAAM,oBAAoB,GAAG;IACjC,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAA;IAChD,SAAS,EAAE,MAAM,CAAA;IACjB,IAAI,EAAE,MAAM,GAAG,SAAS,CAAA;CACzB,GAAG,IAAI,CAAA;AAER,eAAO,MAAM,wBAAwB,UAC5B,oBAAoB,GAAG,OAAO,KACpC,oBAiBF,CAAA;AAED;;GAEG;AACH,eAAO,MAAM,wBAAwB,UAC5B,oBAAoB,GAAG,OAAO,KACpC,mBAUF,CAAA;AAED;;;;;;GAMG;AAEH,MAAM,MAAM,kBAAkB,GAAG;IAC/B,OAAO;IACP;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,GAAG,mBAAmB;IAEtC;QACE,KAAK,EAAE,oBAAoB,GAAG,OAAO,CAAA;QACrC,OAAO,CAAC,EAAE,aAAa,CAAA;KACxB;CACF,CAAA;AAED,MAAM,MAAM,OAAO,GAAG,CACpB,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,EACZ,GAAG,EAAE;IACH,KAAK,EAAE,oBAAoB,GAAG,OAAO,CAAA;IACrC,OAAO,CAAC,EAAE,aAAa,CAAA;CACxB,KACE,OAAO,CAAC,OAAO,CAAC,CAAA;AAErB;;;IAGI;AACJ,eAAO,MAAM,wBAAwB,qCAIlC;IACD,WAAW,CAAC,EAAE,OAAO,GAAG,OAAO,EAAE,CAAA;IACjC,KAAK,EAAE,oBAAoB,GAAG,OAAO,CAAA;IACrC,OAAO,EAAE,aAAa,CAAA;CACvB,KAAG,OAAO,CAAC,SAAS,GAAG,kBAAkB,CA6DzC,CAAA"}

package/dist/cjs/auth/index.js

@@ -0,0 +1,129 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default"));
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var auth_exports = {};
+__export(auth_exports, {
+  AUTH_PROVIDER_HEADER: () => AUTH_PROVIDER_HEADER,
+  getAuthProviderHeader: () => getAuthProviderHeader,
+  getAuthenticationContext: () => getAuthenticationContext,
+  parseAuthorizationCookie: () => parseAuthorizationCookie,
+  parseAuthorizationHeader: () => parseAuthorizationHeader
+});
+module.exports = __toCommonJS(auth_exports);
+__reExport(auth_exports, require("./parseJWT.js"), module.exports);
+var cookie = __toESM(require("cookie"), 1);
+var import_event = require("../event.js");
+const AUTH_PROVIDER_HEADER = "auth-provider";
+const getAuthProviderHeader = (event) => {
+  const authProviderKey = Object.keys(event?.headers ?? {}).find(
+    (key) => key.toLowerCase() === AUTH_PROVIDER_HEADER
+  );
+  if (authProviderKey) {
+    return (0, import_event.getEventHeader)(event, authProviderKey);
+  }
+  return void 0;
+};
+const parseAuthorizationCookie = (event) => {
+  const cookieHeader = (0, import_event.getEventHeader)(event, "Cookie");
+  if (!cookieHeader) {
+    return null;
+  }
+  const parsedCookie = cookie.parse(cookieHeader);
+  return {
+    parsedCookie,
+    rawCookie: cookieHeader,
+    // When not unauthenticated, this will be null/undefined
+    // Remember that the cookie header could contain other (unrelated) values!
+    type: parsedCookie[AUTH_PROVIDER_HEADER]
+  };
+};
+const parseAuthorizationHeader = (event) => {
+  const parts = (0, import_event.getEventHeader)(event, "Authorization")?.split(" ");
+  if (parts?.length !== 2) {
+    throw new Error("The `Authorization` header is not valid.");
+  }
+  const [schema, token] = parts;
+  if (!schema.length || !token.length) {
+    throw new Error("The `Authorization` header is not valid.");
+  }
+  return { schema, token };
+};
+const getAuthenticationContext = async ({
+  authDecoder,
+  event,
+  context
+}) => {
+  const cookieHeader = parseAuthorizationCookie(event);
+  const typeFromHeader = getAuthProviderHeader(event);
+  if (!typeFromHeader && !cookieHeader) {
+    return void 0;
+  }
+  let token;
+  let type;
+  let schema;
+  if (cookieHeader?.type) {
+    token = cookieHeader.rawCookie;
+    type = cookieHeader.type;
+    schema = "cookie";
+  } else if (typeFromHeader) {
+    const parsedAuthHeader = parseAuthorizationHeader(event);
+    token = parsedAuthHeader.token;
+    type = typeFromHeader;
+    schema = parsedAuthHeader.schema;
+  }
+  if (!token || !type || !schema) {
+    return void 0;
+  }
+  let authDecoders = [];
+  if (Array.isArray(authDecoder)) {
+    authDecoders = authDecoder;
+  } else if (authDecoder) {
+    authDecoders = [authDecoder];
+  }
+  let decoded = null;
+  let i = 0;
+  while (!decoded && i < authDecoders.length) {
+    decoded = await authDecoders[i](token, type, {
+      // @MARK: When called from middleware, the decoder will pass Request, not Lambda event
+      event,
+      context
+    });
+    i++;
+  }
+  return [decoded, { type, schema, token }, { event, context }];
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  AUTH_PROVIDER_HEADER,
+  getAuthProviderHeader,
+  getAuthenticationContext,
+  parseAuthorizationCookie,
+  parseAuthorizationHeader,
+  ...require("./parseJWT.js")
+});

package/dist/cjs/auth/parseJWT.d.ts

@@ -0,0 +1,6 @@
+export type Decoded = Record<string, unknown> | null;
+export declare const parseJWT: (token: {
+    decoded: Decoded;
+    namespace?: string;
+}) => any;
+//# sourceMappingURL=parseJWT.d.ts.map

package/dist/cjs/auth/parseJWT.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"parseJWT.d.ts","sourceRoot":"","sources":["../../../src/auth/parseJWT.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAA;AA8DpD,eAAO,MAAM,QAAQ,UAAW;IAC9B,OAAO,EAAE,OAAO,CAAA;IAChB,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB,KAAG,GAKH,CAAA"}

package/dist/cjs/auth/parseJWT.js

@@ -0,0 +1,57 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var parseJWT_exports = {};
+__export(parseJWT_exports, {
+  parseJWT: () => parseJWT
+});
+module.exports = __toCommonJS(parseJWT_exports);
+function isTokenWithRoles(token) {
+  return !!token.decoded?.roles;
+}
+function isTokenWithMetadata(token) {
+  const claim = token.namespace ? `${token.namespace}/app_metadata` : "app_metadata";
+  return !!token.decoded?.[claim];
+}
+const appMetadata = (token) => {
+  if (typeof token.decoded === "string") {
+    return {};
+  }
+  if (isTokenWithMetadata(token)) {
+    const claim = token.namespace ? `${token.namespace}/app_metadata` : "app_metadata";
+    return token.decoded?.[claim];
+  }
+  return {};
+};
+const roles = (token) => {
+  if (isTokenWithRoles(token)) {
+    return token.decoded.roles;
+  }
+  const metadata = appMetadata(token);
+  return metadata?.roles || metadata.authorization?.roles || [];
+};
+const parseJWT = (token) => {
+  return {
+    appMetadata: appMetadata(token),
+    roles: roles(token)
+  };
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  parseJWT
+});

package/dist/cjs/auth/verifiers/base64Sha1Verifier.d.ts

@@ -0,0 +1,19 @@
+import type { WebhookVerifier, VerifyOptions } from './common.js';
+export interface Base64Sha1Verifier extends WebhookVerifier {
+    type: 'base64Sha1Verifier';
+}
+export declare const verifySignature: ({ payload, secret, signature, }: {
+    payload: string | Record<string, unknown>;
+    secret: string;
+    signature: string;
+}) => boolean;
+/**
+ * Base64 SHA1 HMAC Payload Verifier
+ *
+ * Based on Svix's webhook payload verification, but using SHA1 instead
+ * @see https://docs.svix.com/receiving/verifying-payloads/how-manual
+ * @see https://github.com/svix/svix-webhooks/blob/main/javascript/src/index.ts
+ */
+declare const base64Sha1Verifier: (_options?: VerifyOptions) => Base64Sha1Verifier;
+export default base64Sha1Verifier;
+//# sourceMappingURL=base64Sha1Verifier.d.ts.map

package/dist/cjs/auth/verifiers/base64Sha1Verifier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"base64Sha1Verifier.d.ts","sourceRoot":"","sources":["../../../../src/auth/verifiers/base64Sha1Verifier.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,aAAa,CAAA;AAEjE,MAAM,WAAW,kBAAmB,SAAQ,eAAe;IACzD,IAAI,EAAE,oBAAoB,CAAA;CAC3B;AA0BD,eAAO,MAAM,eAAe,oCAIzB;IACD,OAAO,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IACzC,MAAM,EAAE,MAAM,CAAA;IACd,SAAS,EAAE,MAAM,CAAA;CAClB,KAAG,OA0BH,CAAA;AAED;;;;;;GAMG;AACH,QAAA,MAAM,kBAAkB,cAAe,aAAa,KAAG,kBAUtD,CAAA;AAED,eAAe,kBAAkB,CAAA"}

package/dist/cjs/auth/verifiers/base64Sha1Verifier.js

@@ -0,0 +1,77 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var base64Sha1Verifier_exports = {};
+__export(base64Sha1Verifier_exports, {
+  default: () => base64Sha1Verifier_default,
+  verifySignature: () => verifySignature
+});
+module.exports = __toCommonJS(base64Sha1Verifier_exports);
+var import_crypto = require("crypto");
+var import_common = require("./common.js");
+function toNormalizedJsonString(payload) {
+  return JSON.stringify(payload).replace(/[^\\]\\u[\da-f]{4}/g, (s) => {
+    return s.slice(0, 3) + s.slice(3).toUpperCase();
+  });
+}
+const createSignature = ({
+  payload,
+  secret = import_common.DEFAULT_WEBHOOK_SECRET
+}) => {
+  const algorithm = "sha1";
+  const hmac = (0, import_crypto.createHmac)(algorithm, Buffer.from(secret, "base64"));
+  payload = typeof payload === "string" ? payload : toNormalizedJsonString(payload);
+  const digest = hmac.update(payload).digest();
+  return digest.toString("base64");
+};
+const verifySignature = ({
+  payload,
+  secret = import_common.DEFAULT_WEBHOOK_SECRET,
+  signature
+}) => {
+  try {
+    const webhookSignature = Buffer.from(signature || "", "base64");
+    const hmac = (0, import_crypto.createHmac)("sha1", Buffer.from(secret, "base64"));
+    payload = typeof payload === "string" ? payload : toNormalizedJsonString(payload);
+    const digest = hmac.update(payload).digest();
+    if (webhookSignature.length === digest.length && (0, import_crypto.timingSafeEqual)(digest, webhookSignature)) {
+      return true;
+    }
+    throw new import_common.WebhookVerificationError();
+  } catch (error) {
+    throw new import_common.WebhookVerificationError(
+      `${import_common.VERIFICATION_ERROR_MESSAGE}: ${error.message}`
+    );
+  }
+};
+const base64Sha1Verifier = (_options) => {
+  return {
+    sign: ({ payload, secret }) => {
+      return createSignature({ payload, secret });
+    },
+    verify: ({ payload, secret, signature }) => {
+      return verifySignature({ payload, secret, signature });
+    },
+    type: "base64Sha1Verifier"
+  };
+};
+var base64Sha1Verifier_default = base64Sha1Verifier;
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  verifySignature
+});

package/dist/cjs/auth/verifiers/base64Sha256Verifier.d.ts

@@ -0,0 +1,19 @@
+import type { WebhookVerifier, VerifyOptions } from './common.js';
+export interface Base64Sha256Verifier extends WebhookVerifier {
+    type: 'base64Sha256Verifier';
+}
+export declare const verifySignature: ({ payload, secret, signature, }: {
+    payload: string | Record<string, unknown>;
+    secret: string;
+    signature: string;
+}) => boolean;
+/**
+ * Base64 SHA256 HMAC Payload Verifier
+ *
+ * Based on Svix's webhook payload verification
+ * @see https://docs.svix.com/receiving/verifying-payloads/how-manual
+ * @see https://github.com/svix/svix-webhooks/blob/main/javascript/src/index.ts
+ */
+declare const base64Sha256Verifier: (_options?: VerifyOptions) => Base64Sha256Verifier;
+export default base64Sha256Verifier;
+//# sourceMappingURL=base64Sha256Verifier.d.ts.map

package/dist/cjs/auth/verifiers/base64Sha256Verifier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"base64Sha256Verifier.d.ts","sourceRoot":"","sources":["../../../../src/auth/verifiers/base64Sha256Verifier.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,aAAa,CAAA;AAEjE,MAAM,WAAW,oBAAqB,SAAQ,eAAe;IAC3D,IAAI,EAAE,sBAAsB,CAAA;CAC7B;AA0BD,eAAO,MAAM,eAAe,oCAIzB;IACD,OAAO,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IACzC,MAAM,EAAE,MAAM,CAAA;IACd,SAAS,EAAE,MAAM,CAAA;CAClB,KAAG,OA0BH,CAAA;AAED;;;;;;GAMG;AACH,QAAA,MAAM,oBAAoB,cACb,aAAa,KACvB,oBAUF,CAAA;AAED,eAAe,oBAAoB,CAAA"}

package/dist/cjs/auth/verifiers/base64Sha256Verifier.js

@@ -0,0 +1,77 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var base64Sha256Verifier_exports = {};
+__export(base64Sha256Verifier_exports, {
+  default: () => base64Sha256Verifier_default,
+  verifySignature: () => verifySignature
+});
+module.exports = __toCommonJS(base64Sha256Verifier_exports);
+var import_crypto = require("crypto");
+var import_common = require("./common.js");
+function toNormalizedJsonString(payload) {
+  return JSON.stringify(payload).replace(/[^\\]\\u[\da-f]{4}/g, (s) => {
+    return s.slice(0, 3) + s.slice(3).toUpperCase();
+  });
+}
+const createSignature = ({
+  payload,
+  secret = import_common.DEFAULT_WEBHOOK_SECRET
+}) => {
+  const algorithm = "sha256";
+  const hmac = (0, import_crypto.createHmac)(algorithm, Buffer.from(secret, "base64"));
+  payload = typeof payload === "string" ? payload : toNormalizedJsonString(payload);
+  const digest = hmac.update(payload).digest();
+  return digest.toString("base64");
+};
+const verifySignature = ({
+  payload,
+  secret = import_common.DEFAULT_WEBHOOK_SECRET,
+  signature
+}) => {
+  try {
+    const webhookSignature = Buffer.from(signature || "", "base64");
+    const hmac = (0, import_crypto.createHmac)("sha256", Buffer.from(secret, "base64"));
+    payload = typeof payload === "string" ? payload : toNormalizedJsonString(payload);
+    const digest = hmac.update(payload).digest();
+    if (webhookSignature.length === digest.length && (0, import_crypto.timingSafeEqual)(digest, webhookSignature)) {
+      return true;
+    }
+    throw new import_common.WebhookVerificationError();
+  } catch (error) {
+    throw new import_common.WebhookVerificationError(
+      `${import_common.VERIFICATION_ERROR_MESSAGE}: ${error.message}`
+    );
+  }
+};
+const base64Sha256Verifier = (_options) => {
+  return {
+    sign: ({ payload, secret }) => {
+      return createSignature({ payload, secret });
+    },
+    verify: ({ payload, secret, signature }) => {
+      return verifySignature({ payload, secret, signature });
+    },
+    type: "base64Sha256Verifier"
+  };
+};
+var base64Sha256Verifier_default = base64Sha256Verifier;
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  verifySignature
+});

package/dist/cjs/auth/verifiers/common.d.ts

@@ -0,0 +1,104 @@
+import type { Base64Sha1Verifier } from './base64Sha1Verifier.js';
+import type { Base64Sha256Verifier } from './base64Sha256Verifier.js';
+import type { JwtVerifier } from './jwtVerifier.js';
+import type { SecretKeyVerifier } from './secretKeyVerifier.js';
+import type { Sha1Verifier } from './sha1Verifier.js';
+import type { Sha256Verifier } from './sha256Verifier.js';
+import type { SkipVerifier } from './skipVerifier.js';
+import type { TimestampSchemeVerifier } from './timestampSchemeVerifier.js';
+export declare const verifierLookup: {
+    skipVerifier: (_options?: VerifyOptions) => SkipVerifier;
+    secretKeyVerifier: (_options?: VerifyOptions) => SecretKeyVerifier;
+    sha1Verifier: (_options?: VerifyOptions) => Sha1Verifier;
+    sha256Verifier: (_options?: VerifyOptions) => Sha256Verifier;
+    base64Sha1Verifier: (_options?: VerifyOptions) => Base64Sha1Verifier;
+    base64Sha256Verifier: (_options?: VerifyOptions) => Base64Sha256Verifier;
+    timestampSchemeVerifier: (options?: VerifyOptions) => TimestampSchemeVerifier;
+    jwtVerifier: (options?: VerifyOptions) => JwtVerifier;
+};
+export type SupportedVerifiers = SkipVerifier | SecretKeyVerifier | Sha1Verifier | Sha256Verifier | Base64Sha1Verifier | Base64Sha256Verifier | TimestampSchemeVerifier | JwtVerifier;
+export type SupportedVerifierTypes = keyof typeof verifierLookup;
+export declare const DEFAULT_WEBHOOK_SECRET: string;
+export declare const VERIFICATION_ERROR_MESSAGE = "You don't have access to invoke this function.";
+export declare const VERIFICATION_SIGN_MESSAGE = "Unable to sign payload";
+/**
+ * @const {number} DEFAULT_TOLERANCE - Five minutes
+ */
+export declare const DEFAULT_TOLERANCE: number;
+/**
+ * Class representing a WebhookError
+ * @extends Error
+ */
+declare class WebhookError extends Error {
+    /**
+     * Create a WebhookError.
+     * @param {string} message - The error message
+     * */
+    constructor(message: string);
+}
+/**
+ * Class representing a WebhookVerificationError
+ * @extends WebhookError
+ */
+export declare class WebhookVerificationError extends WebhookError {
+    /**
+     * Create a WebhookVerificationError.
+     * @param {string} message - The error message
+     * */
+    constructor(message?: string);
+}
+/**
+ * Class representing a WebhookSignError
+ * @extends WebhookError
+ */
+export declare class WebhookSignError extends WebhookError {
+    /**
+     * Create a WebhookSignError.
+     * @param {string} message - The error message
+     * */
+    constructor(message?: string);
+}
+/**
+ * VerifyOptions
+ *
+ * Used when verifying a signature based on the verifier's requirements
+ *
+ * @param {string} signatureHeader - Optional Header that contains the signature
+ * to verify. Will default to DEFAULT_WEBHOOK_SIGNATURE_HEADER
+ * @param {(signature: string) => string} signatureTransformer - Optional
+ * function that receives the signature from the headers and returns a new
+ * signature to use in the Verifier
+ * @param {number} currentTimestampOverride - Optional timestamp to use as the
+ * "current" timestamp, in msec
+ * @param {number} eventTimestamp - Optional timestamp to use as the event
+ * timestamp, in msec. If this is provided the webhook verification will fail
+ * if the eventTimestamp is too far from the current time (or the time passed
+ * as the `currentTimestampOverride` option)
+ * @param {number} tolerance - Optional tolerance in msec
+ * @param {string} issuer - Options JWT issuer for JWTVerifier
+ */
+export interface VerifyOptions {
+    signatureHeader?: string;
+    signatureTransformer?: (signature: string) => string;
+    currentTimestampOverride?: number;
+    eventTimestamp?: number;
+    tolerance?: number;
+    issuer?: string;
+}
+/**
+ * WebhookVerifier is the interface for all verifiers
+ */
+export interface WebhookVerifier {
+    sign({ payload, secret, }: {
+        payload: string | Record<string, unknown>;
+        secret: string;
+    }): string;
+    verify({ payload, secret, signature, }: {
+        payload: string | Record<string, unknown>;
+        secret: string;
+        signature: string;
+    }): boolean | WebhookVerificationError;
+    type: SupportedVerifierTypes;
+}
+export {};
+//# sourceMappingURL=common.d.ts.map

package/dist/cjs/auth/verifiers/common.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"common.d.ts","sourceRoot":"","sources":["../../../../src/auth/verifiers/common.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAA;AAEjE,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAA;AAErE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAA;AAEnD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAA;AAE/D,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAA;AAErD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAA;AAEzD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAA;AAErD,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAA;AAE3E,eAAO,MAAM,cAAc;;;;;;;;;CAS1B,CAAA;AAED,MAAM,MAAM,kBAAkB,GAC1B,YAAY,GACZ,iBAAiB,GACjB,YAAY,GACZ,cAAc,GACd,kBAAkB,GAClB,oBAAoB,GACpB,uBAAuB,GACvB,WAAW,CAAA;AAEf,MAAM,MAAM,sBAAsB,GAAG,MAAM,OAAO,cAAc,CAAA;AAEhE,eAAO,MAAM,sBAAsB,QAAmC,CAAA;AAEtE,eAAO,MAAM,0BAA0B,mDACW,CAAA;AAElD,eAAO,MAAM,yBAAyB,2BAA2B,CAAA;AAIjE;;GAEG;AACH,eAAO,MAAM,iBAAiB,QAAe,CAAA;AAE7C;;;GAGG;AACH,cAAM,YAAa,SAAQ,KAAK;IAC9B;;;SAGK;gBACO,OAAO,EAAE,MAAM;CAG5B;AAED;;;GAGG;AACH,qBAAa,wBAAyB,SAAQ,YAAY;IACxD;;;SAGK;gBACO,OAAO,CAAC,EAAE,MAAM;CAG7B;AAED;;;GAGG;AACH,qBAAa,gBAAiB,SAAQ,YAAY;IAChD;;;SAGK;gBACO,OAAO,CAAC,EAAE,MAAM;CAG7B;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,WAAW,aAAa;IAC5B,eAAe,CAAC,EAAE,MAAM,CAAA;IACxB,oBAAoB,CAAC,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,MAAM,CAAA;IACpD,wBAAwB,CAAC,EAAE,MAAM,CAAA;IACjC,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,IAAI,CAAC,EACH,OAAO,EACP,MAAM,GACP,EAAE;QACD,OAAO,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;QACzC,MAAM,EAAE,MAAM,CAAA;KACf,GAAG,MAAM,CAAA;IACV,MAAM,CAAC,EACL,OAAO,EACP,MAAM,EACN,SAAS,GACV,EAAE;QACD,OAAO,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;QACzC,MAAM,EAAE,MAAM,CAAA;QACd,SAAS,EAAE,MAAM,CAAA;KAClB,GAAG,OAAO,GAAG,wBAAwB,CAAA;IACtC,IAAI,EAAE,sBAAsB,CAAA;CAC7B"}

package/dist/cjs/auth/verifiers/common.js

@@ -0,0 +1,99 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var common_exports = {};
+__export(common_exports, {
+  DEFAULT_TOLERANCE: () => DEFAULT_TOLERANCE,
+  DEFAULT_WEBHOOK_SECRET: () => DEFAULT_WEBHOOK_SECRET,
+  VERIFICATION_ERROR_MESSAGE: () => VERIFICATION_ERROR_MESSAGE,
+  VERIFICATION_SIGN_MESSAGE: () => VERIFICATION_SIGN_MESSAGE,
+  WebhookSignError: () => WebhookSignError,
+  WebhookVerificationError: () => WebhookVerificationError,
+  verifierLookup: () => verifierLookup
+});
+module.exports = __toCommonJS(common_exports);
+var import_base64Sha1Verifier = __toESM(require("./base64Sha1Verifier.js"), 1);
+var import_base64Sha256Verifier = __toESM(require("./base64Sha256Verifier.js"), 1);
+var import_jwtVerifier = __toESM(require("./jwtVerifier.js"), 1);
+var import_secretKeyVerifier = __toESM(require("./secretKeyVerifier.js"), 1);
+var import_sha1Verifier = __toESM(require("./sha1Verifier.js"), 1);
+var import_sha256Verifier = __toESM(require("./sha256Verifier.js"), 1);
+var import_skipVerifier = __toESM(require("./skipVerifier.js"), 1);
+var import_timestampSchemeVerifier = __toESM(require("./timestampSchemeVerifier.js"), 1);
+const verifierLookup = {
+  skipVerifier: import_skipVerifier.default,
+  secretKeyVerifier: import_secretKeyVerifier.default,
+  sha1Verifier: import_sha1Verifier.default,
+  sha256Verifier: import_sha256Verifier.default,
+  base64Sha1Verifier: import_base64Sha1Verifier.default,
+  base64Sha256Verifier: import_base64Sha256Verifier.default,
+  timestampSchemeVerifier: import_timestampSchemeVerifier.default,
+  jwtVerifier: import_jwtVerifier.default
+};
+const DEFAULT_WEBHOOK_SECRET = process.env.WEBHOOK_SECRET ?? "";
+const VERIFICATION_ERROR_MESSAGE = "You don't have access to invoke this function.";
+const VERIFICATION_SIGN_MESSAGE = "Unable to sign payload";
+const FIVE_MINUTES = 5 * 6e4;
+const DEFAULT_TOLERANCE = FIVE_MINUTES;
+class WebhookError extends Error {
+  /**
+   * Create a WebhookError.
+   * @param {string} message - The error message
+   * */
+  constructor(message) {
+    super(message);
+  }
+}
+class WebhookVerificationError extends WebhookError {
+  /**
+   * Create a WebhookVerificationError.
+   * @param {string} message - The error message
+   * */
+  constructor(message) {
+    super(message || VERIFICATION_ERROR_MESSAGE);
+  }
+}
+class WebhookSignError extends WebhookError {
+  /**
+   * Create a WebhookSignError.
+   * @param {string} message - The error message
+   * */
+  constructor(message) {
+    super(message || VERIFICATION_SIGN_MESSAGE);
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  DEFAULT_TOLERANCE,
+  DEFAULT_WEBHOOK_SECRET,
+  VERIFICATION_ERROR_MESSAGE,
+  VERIFICATION_SIGN_MESSAGE,
+  WebhookSignError,
+  WebhookVerificationError,
+  verifierLookup
+});