npm - @resultcrafter/aimanager-instagram-connector - Versions diffs - 0.2.0 → 0.2.1 - Mend

@resultcrafter/aimanager-instagram-connector 0.2.0 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/aimanager/InstagramOAuth.js +67 -4
package/index.js +42 -7
package/package.json +1 -1

package/aimanager/InstagramOAuth.js CHANGED Viewed

@@ -15,6 +15,58 @@ function getConfig() {
   };
 }
+function getEncryptionKey() {
+  return process.env.TOKEN_ENCRYPTION_KEY || process.env.OAUTH_STATE_SECRET || null;
+}
+function getCipherKey() {
+  var key = getEncryptionKey();
+  if (!key) return null;
+  return crypto.createHash('sha256').update(key).digest();
+}
+function encrypt(data) {
+  var cipherKey = getCipherKey();
+  if (!cipherKey) return null;
+  var text = JSON.stringify(data);
+  var iv = crypto.randomBytes(16);
+  var cipher = crypto.createCipheriv('aes-256-gcm', cipherKey, iv);
+  var encrypted = Buffer.concat([cipher.update(text, 'utf8'), cipher.final()]);
+  var authTag = cipher.getAuthTag();
+  return {
+    encrypted: encrypted.toString('base64'),
+    iv: iv.toString('base64'),
+    authTag: authTag.toString('base64')
+  };
+}
+function decrypt(encryptedData) {
+  var cipherKey = getCipherKey();
+  if (!cipherKey) return null;
+  var decipher = crypto.createDecipheriv('aes-256-gcm', cipherKey, Buffer.from(encryptedData.iv, 'base64'));
+  decipher.setAuthTag(Buffer.from(encryptedData.authTag, 'base64'));
+  var decrypted = Buffer.concat([
+    decipher.update(Buffer.from(encryptedData.encrypted, 'base64')),
+    decipher.final()
+  ]);
+  return JSON.parse(decrypted.toString('utf8'));
+}
+function encryptToken(tokenData) {
+  var encrypted = encrypt(tokenData);
+  if (encrypted) return encrypted;
+  return tokenData;
+}
+function decryptToken(stored) {
+  if (!stored) return null;
+  if (stored.encrypted && stored.iv && stored.authTag) {
+    var decrypted = decrypt(stored);
+    if (decrypted) return decrypted;
+  }
+  return stored;
+}
 function generateState(sessionId, projectId) {
   var data = {
     sessionId: sessionId || crypto.randomBytes(16).toString('hex'),
@@ -38,7 +90,9 @@ function verifyState(state) {
     var decoded = JSON.parse(Buffer.from(state, 'base64url').toString());
     var hmac = crypto.createHmac('sha256', cfg.stateSecret);
     hmac.update(JSON.stringify(decoded.data));
-    if (decoded.signature !== hmac.digest('hex')) return null;
+    if (decoded.signature !== hmac.digest('hex')) {
+      return null;
+    }
     if (Date.now() - decoded.data.timestamp > 600000) return null;
     return decoded.data;
   } catch (e) {
@@ -94,7 +148,7 @@ async function exchangeCodeForToken(code) {
   };
 }
-async function refreshToken(currentToken) {
+async function refreshToken(currentToken, existingTokenData) {
   var cfg = getConfig();
   var res = await axios.get(INSTAGRAM_GRAPH_BASE + '/refresh_access_token', {
     params: { grant_type: 'ig_refresh_token', access_token: currentToken }
@@ -103,6 +157,10 @@ async function refreshToken(currentToken) {
     access_token: res.data.access_token,
     token_type: res.data.token_type,
     expires_in: res.data.expires_in,
+    user_id: existingTokenData ? existingTokenData.user_id : undefined,
+    instagram_business_id: existingTokenData ? existingTokenData.instagram_business_id : undefined,
+    username: existingTokenData ? existingTokenData.username : undefined,
+    user_info: existingTokenData ? existingTokenData.user_info : undefined,
     created_at: Date.now(),
     expires_at: Date.now() + (res.data.expires_in * 1000)
   };
@@ -134,7 +192,10 @@ async function getTokenStatus(db, projectId) {
   if (!settings || !settings.ig_oauth_token) {
     return { connected: false, instagram_username: null };
   }
-  var token = settings.ig_oauth_token;
+  var token = decryptToken(settings.ig_oauth_token);
+  if (!token) {
+    return { connected: false, instagram_username: null };
+  }
   var daysRemaining = token.expires_at ? Math.floor((token.expires_at - Date.now()) / (1000 * 60 * 60 * 24)) : null;
   return {
     connected: true,
@@ -151,5 +212,7 @@ module.exports = {
   refreshToken: refreshToken,
   getUserInfo: getUserInfo,
   verifyState: verifyState,
-  getTokenStatus: getTokenStatus
+  getTokenStatus: getTokenStatus,
+  encryptToken: encryptToken,
+  decryptToken: decryptToken
 };

package/index.js CHANGED Viewed

@@ -5,6 +5,7 @@ const bodyParser = require("body-parser");
 const handlebars = require('handlebars');
 const path = require('path');
 const fs = require('fs');
+const crypto = require('crypto');
 const pjson = require('./package.json');
 const winston = require('./winston');
 const url = require('url');
@@ -512,12 +513,45 @@ router.post('/tiledesk', async (req, res) => {
   return res.status(200).send({ message: "sent" });
 })
+function verifyWebhookSignature(req) {
+  var signature = req.headers['x-hub-signature-256'];
+  if (!signature) {
+    winston.error("(ig) Missing x-hub-signature-256 header");
+    return false;
+  }
+  if (!APP_SECRET) {
+    winston.warn("(ig) APP_SECRET not configured — skipping signature validation");
+    return true;
+  }
+  var algo = 'sha256';
+  var expected = signature.replace('sha256=', '');
+  var hmac = crypto.createHmac(algo, APP_SECRET);
+  hmac.update(JSON.stringify(req.body));
+  var computed = hmac.digest('hex');
+  var valid = crypto.timingSafeEqual(Buffer.from(expected), Buffer.from(computed));
+  if (!valid) {
+    winston.error("(ig) Webhook signature mismatch — expected=" + expected + " computed=" + computed);
+    if (process.env.DEBUG_SIGNATURES === 'true') {
+      winston.debug("(ig) Raw body for signature: " + JSON.stringify(req.body));
+    }
+  }
+  return valid;
+}
 router.post('/webhookFB', async (req, res) => {
-  winston.verbose("(fbm) Message received from Facebook Instagram");
+  winston.verbose("(ig) Webhook received");
+  if (!verifyWebhookSignature(req)) {
+    return res.sendStatus(403);
+  }
+  res.status(200).send('EVENT_RECEIVED');
-  let body = req.body;
-  if (body.object === 'page') {
+  setImmediate(async () => {
+    try {
+      let body = req.body;
+      winston.verbose("(ig) Processing webhook asynchronously");
     let page_id = body.entry[0].id;
     let PAGE_KEY = "instagram-page-" + page_id;
@@ -606,9 +640,10 @@ router.post('/webhookFB', async (req, res) => {
       }
     })
-  }
-  return res.status(200).send('EVENT_RECEIVED');
+    } catch (err) {
+      winston.error("(ig) Async webhook processing error: ", err?.response?.data || err.message || err);
+    }
+  });
 })
 router.get('/webhookFB', async (req, res) => {
@@ -688,7 +723,7 @@ router.get('/oauth-callback', async (req, res) => {
     var CONTENT_KEY = "instagram-" + projectId;
     var settings = await db.get(CONTENT_KEY) || {};
-    settings.ig_oauth_token = tokenData;
+    settings.ig_oauth_token = instagramOAuth.encryptToken(tokenData);
     settings.instagram_username = tokenData.username;
     settings.instagram_business_id = tokenData.instagram_business_id;
     settings.connected = true;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@resultcrafter/aimanager-instagram-connector",
-  "version": "0.2.0",
+  "version": "0.2.1",
   "description": "AI Manager Instagram DM connector",
   "main": "index.js",
   "scripts": {