@scalekit-sdk/node 2.1.3 → 2.1.5

package/src/scalekit.ts

@@ -10,6 +10,7 @@ import DomainClient from './domain';
 import OrganizationClient from './organization';
 import PasswordlessClient from './passwordless';
 import UserClient from './user';
+import SessionClient from './session';
 import RoleClient from './role';
 import PermissionClient from './permission';
 import { IdpInitiatedLoginClaims, IdTokenClaim, User } from './types/auth';
@@ -39,6 +40,7 @@ export default class ScalekitClient {
   readonly directory: DirectoryClient;
   readonly passwordless: PasswordlessClient;
   readonly user: UserClient;
+  readonly session: SessionClient;
   readonly role: RoleClient;
   readonly permission: PermissionClient;
   constructor(
@@ -79,6 +81,10 @@ export default class ScalekitClient {
       this.grpcConnect,
       this.coreClient
     );
+    this.session = new SessionClient(
+      this.grpcConnect,
+      this.coreClient
+    );
     this.role = new RoleClient(
       this.grpcConnect,
       this.coreClient
@@ -251,7 +257,37 @@ export default class ScalekitClient {
     const webhookTimestamp = headers['webhook-timestamp'];
     const webhookSignature = headers['webhook-signature'];
     
-    if (!webhookId || !webhookTimestamp || !webhookSignature) {
+    return this.verifyPayloadSignature(secret, webhookId, webhookTimestamp, webhookSignature, payload);
+  }
+
+  /**
+   * Verify interceptor payload
+   * 
+   * @param {string} secret The secret
+   * @param {Record<string, string>} headers The headers
+   * @param {string} payload The payload
+   * @return {boolean} Returns true if the payload is valid.
+   */
+  verifyInterceptorPayload(secret: string, headers: Record<string, string>, payload: string): boolean {
+    const interceptorId = headers['interceptor-id'];
+    const interceptorTimestamp = headers['interceptor-timestamp'];
+    const interceptorSignature = headers['interceptor-signature'];
+    
+    return this.verifyPayloadSignature(secret, interceptorId, interceptorTimestamp, interceptorSignature, payload);
+  }
+
+  /**
+   * Common payload signature verification logic
+   * 
+   * @param {string} secret The secret
+   * @param {string} id The webhook/interceptor id
+   * @param {string} timestamp The timestamp
+   * @param {string} signature The signature
+   * @param {string} payload The payload
+   * @return {boolean} Returns true if the payload signature is valid.
+   */
+  private verifyPayloadSignature(secret: string, id: string, timestamp: string, signature: string, payload: string): boolean {
+    if (!id || !timestamp || !signature) {
       throw new WebhookVerificationError("Missing required headers");
     }
     
@@ -261,18 +297,18 @@ export default class ScalekitClient {
     }
     
     try {
-      const timestamp = this.verifyTimestamp(webhookTimestamp);
-      const data = `${webhookId}.${Math.floor(timestamp.getTime() / 1000)}.${payload}`;
+      const timestampDate = this.verifyTimestamp(timestamp);
+      const data = `${id}.${Math.floor(timestampDate.getTime() / 1000)}.${payload}`;
       const secretBytes = Buffer.from(secretParts[1], 'base64');
       const computedSignature = this.computeSignature(secretBytes, data);
-      const receivedSignatures = webhookSignature.split(" ");
+      const receivedSignatures = signature.split(" ");
       
       for (const versionedSignature of receivedSignatures) {
-        const [version, signature] = versionedSignature.split(",");
+        const [version, receivedSignature] = versionedSignature.split(",");
         if (version !== WEBHOOK_SIGNATURE_VERSION) {
           continue;
         }
-        if (crypto.timingSafeEqual(Buffer.from(signature, 'base64'), Buffer.from(computedSignature, 'base64'))) {
+        if (crypto.timingSafeEqual(Buffer.from(receivedSignature, 'base64'), Buffer.from(computedSignature, 'base64'))) {
           return true;
         }
       }

package/src/session.ts

@@ -0,0 +1,134 @@
+import { PartialMessage } from '@bufbuild/protobuf';
+import { PromiseClient } from '@connectrpc/connect';
+import GrpcConnect from './connect';
+import CoreClient from './core';
+import { SessionService } from './pkg/grpc/scalekit/v1/sessions/sessions_connect';
+import { 
+  SessionDetailsRequest,
+  SessionDetails,
+  UserSessionDetailsRequest,
+  UserSessionDetails,
+  UserSessionFilter,
+  RevokeSessionRequest,
+  RevokeSessionResponse,
+  RevokeAllUserSessionsRequest,
+  RevokeAllUserSessionsResponse
+} from './pkg/grpc/scalekit/v1/sessions/sessions_pb';
+import { Timestamp } from '@bufbuild/protobuf';
+
+export default class SessionClient {
+  private client: PromiseClient<typeof SessionService>;
+
+  constructor(
+    private readonly grpcConnect: GrpcConnect,
+    private readonly coreClient: CoreClient
+  ) {
+    this.client = this.grpcConnect.createClient(SessionService);
+  }
+
+  /**
+   * Get details for a specific session
+   * @param {string} sessionId The session id
+   * @returns {Promise<SessionDetails>} The session details
+   */
+  async getSession(sessionId: string): Promise<SessionDetails> {
+    return this.coreClient.connectExec(
+      this.client.getSession,
+      {
+        sessionId
+      }
+    );
+  }
+
+  /**
+   * Get all session details for a user with pagination and filtering
+   * @param {string} userId The user id
+   * @param {object} options The pagination and filtering options
+   * @param {number} options.pageSize The page size
+   * @param {string} options.pageToken The page token
+   * @param {object} options.filter The session filter options
+   * @param {string[]} options.filter.status The session statuses to filter by
+   * @param {Date} options.filter.startTime The start time for filtering sessions
+   * @param {Date} options.filter.endTime The end time for filtering sessions
+   * @returns {Promise<UserSessionDetails>} The user session details
+   */
+  async getUserSessions(
+    userId: string,
+    options?: {
+      pageSize?: number,
+      pageToken?: string,
+      filter?: {
+        status?: string[],
+        startTime?: Date,
+        endTime?: Date
+      }
+    }
+  ): Promise<UserSessionDetails> {
+    const request: PartialMessage<UserSessionDetailsRequest> = {
+      userId
+    };
+
+    if (options?.pageSize !== undefined) {
+      request.pageSize = options.pageSize;
+    }
+
+    if (options?.pageToken) {
+      request.pageToken = options.pageToken;
+    }
+
+    if (options?.filter) {
+      const filter = new UserSessionFilter();
+      
+      if (options.filter.status) {
+        filter.status = options.filter.status;
+      }
+      
+      if (options.filter.startTime) {
+        filter.startTime = Timestamp.fromDate(options.filter.startTime);
+      }
+      
+      if (options.filter.endTime) {
+        filter.endTime = Timestamp.fromDate(options.filter.endTime);
+      }
+      
+      request.filter = filter;
+    }
+
+    return this.coreClient.connectExec(
+      this.client.getUserSessions,
+      request
+    );
+  }
+
+  /**
+   * Revoke a session for a user
+   * @param {string} sessionId The session id to revoke
+   * @returns {Promise<RevokeSessionResponse>} The response with revoked session details
+   */
+  async revokeSession(sessionId: string): Promise<RevokeSessionResponse> {
+    return this.coreClient.connectExec(
+      this.client.revokeSession,
+      {
+        sessionId
+      }
+    );
+  }
+
+  /**
+   * Revoke all sessions for a user
+   * @param {string} userId The user id whose sessions should be revoked
+   * @returns {Promise<RevokeAllUserSessionsResponse>} The response with all revoked session details
+   */
+  async revokeAllUserSessions(userId: string): Promise<RevokeAllUserSessionsResponse> {
+    if (!userId) {
+      throw new Error('userId is required');
+    }
+
+    return this.coreClient.connectExec(
+      this.client.revokeAllUserSessions,
+      {
+        userId
+      }
+    );
+  }
+}