@stableops/api-sdk 0.1.0

package/dist/webhooks.js

@@ -0,0 +1,134 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/webhooks-entry.ts
+var webhooks_entry_exports = {};
+__export(webhooks_entry_exports, {
+  DEFAULT_TOLERANCE_SECONDS: () => DEFAULT_TOLERANCE_SECONDS,
+  DELIVERY_ID_HEADER: () => DELIVERY_ID_HEADER,
+  EVENT_ID_HEADER: () => EVENT_ID_HEADER,
+  SIGNATURE_HEADER: () => SIGNATURE_HEADER,
+  WebhooksApi: () => WebhooksApi,
+  buildSignatureHeader: () => buildSignatureHeader,
+  buildSignatureHeaderForSecrets: () => buildSignatureHeaderForSecrets,
+  verifySignature: () => verifySignature2
+});
+module.exports = __toCommonJS(webhooks_entry_exports);
+
+// src/signature.ts
+var import_node_crypto = require("crypto");
+var SIGNATURE_HEADER = "X-Product-Signature";
+var EVENT_ID_HEADER = "X-Event-Id";
+var DELIVERY_ID_HEADER = "X-Delivery-Id";
+var DEFAULT_TOLERANCE_SECONDS = 5 * 60;
+function buildSignatureHeader({
+  secret,
+  timestamp,
+  rawBody
+}) {
+  return buildSignatureHeaderForSecrets({
+    secrets: [secret],
+    timestamp,
+    rawBody
+  });
+}
+function buildSignatureHeaderForSecrets({
+  secrets,
+  timestamp,
+  rawBody
+}) {
+  const payload = `${timestamp}.${rawBody}`;
+  const signatures = secrets.filter((secret) => secret.length > 0).map((secret) => (0, import_node_crypto.createHmac)("sha256", secret).update(payload).digest("hex"));
+  return `t=${timestamp},${signatures.map((signature) => `v1=${signature}`).join(",")}`;
+}
+function verifySignature(input) {
+  if (!input.header) return { ok: false, reason: "missing_header" };
+  const parsed = parseHeader(input.header);
+  if (!parsed) return { ok: false, reason: "invalid_format" };
+  const now = input.now ?? Math.floor(Date.now() / 1e3);
+  const tolerance = input.toleranceSeconds ?? DEFAULT_TOLERANCE_SECONDS;
+  if (Math.abs(now - parsed.timestamp) > tolerance) {
+    return { ok: false, reason: "timestamp_expired" };
+  }
+  const payload = `${parsed.timestamp}.${input.rawBody}`;
+  for (const secret of input.secrets) {
+    if (!secret) continue;
+    const expected = (0, import_node_crypto.createHmac)("sha256", secret).update(payload).digest("hex");
+    for (const signature of parsed.signatures) {
+      if (safeEqualHex(expected, signature)) {
+        return { ok: true, timestamp: parsed.timestamp };
+      }
+    }
+  }
+  return { ok: false, reason: "bad_signature" };
+}
+function parseHeader(header) {
+  let timestamp = null;
+  const signatures = [];
+  for (const segment of header.split(",")) {
+    const [key, value] = segment.trim().split("=");
+    if (!key || !value) continue;
+    if (key === "t") {
+      const ts = Number(value);
+      if (Number.isFinite(ts)) timestamp = ts;
+    } else if (key === "v1") {
+      signatures.push(value);
+    }
+  }
+  if (timestamp === null || signatures.length === 0) return null;
+  return { timestamp, signatures };
+}
+function safeEqualHex(a, b) {
+  if (!isSha256Hex(a) || !isSha256Hex(b)) return false;
+  const aBuffer = Buffer.from(a, "hex");
+  const bBuffer = Buffer.from(b, "hex");
+  return (0, import_node_crypto.timingSafeEqual)(aBuffer, bBuffer);
+}
+function isSha256Hex(value) {
+  return /^[a-f0-9]{64}$/i.test(value);
+}
+
+// src/webhooks-entry.ts
+function verifySignature2(input) {
+  const secrets = "secret" in input ? Array.isArray(input.secret) ? input.secret : [input.secret] : input.secrets;
+  return verifySignature({
+    secrets,
+    header: input.header,
+    rawBody: input.rawBody,
+    toleranceSeconds: input.toleranceSeconds,
+    now: input.now
+  });
+}
+var WebhooksApi = class {
+  verify(input) {
+    return verifySignature2(input);
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  DEFAULT_TOLERANCE_SECONDS,
+  DELIVERY_ID_HEADER,
+  EVENT_ID_HEADER,
+  SIGNATURE_HEADER,
+  WebhooksApi,
+  buildSignatureHeader,
+  buildSignatureHeaderForSecrets,
+  verifySignature
+});
+//# sourceMappingURL=webhooks.js.map

package/dist/webhooks.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/webhooks-entry.ts","../src/signature.ts"],"sourcesContent":["import {\n  verifySignature as verifySignatureWithSecrets,\n  type VerifyInput,\n  type VerifyResult,\n} from './signature'\n\nexport {\n  buildSignatureHeader,\n  buildSignatureHeaderForSecrets,\n  SIGNATURE_HEADER,\n  EVENT_ID_HEADER,\n  DELIVERY_ID_HEADER,\n  DEFAULT_TOLERANCE_SECONDS,\n} from './signature'\nexport type {\n  SignatureBuildInput,\n  MultiSignatureBuildInput,\n  VerifyResult,\n} from './signature'\n\nexport type WebhookVerifyInput = Omit<VerifyInput, 'secrets'> &\n  (\n    | { secret: string | readonly string[]; secrets?: never }\n    | { secrets: readonly string[]; secret?: never }\n  )\n\nexport function verifySignature(input: WebhookVerifyInput): VerifyResult {\n  const secrets =\n    'secret' in input\n      ? Array.isArray(input.secret)\n        ? input.secret\n        : [input.secret as string]\n      : input.secrets\n\n  return verifySignatureWithSecrets({\n    secrets,\n    header: input.header,\n    rawBody: input.rawBody,\n    toleranceSeconds: input.toleranceSeconds,\n    now: input.now,\n  })\n}\n\nexport class WebhooksApi {\n  verify(input: WebhookVerifyInput): VerifyResult {\n    return verifySignature(input)\n  }\n}\n","import { createHmac, timingSafeEqual } from 'node:crypto'\n\n// 与服务端 webhook 签名格式保持一致：\n//   X-Product-Signature: t=<unix_ts>,v1=<hmac_sha256(t.rawBody)>\n// SDK 内联实现，避免发布包依赖内部 workspace 包。\n\nexport const SIGNATURE_HEADER = 'X-Product-Signature'\nexport const EVENT_ID_HEADER = 'X-Event-Id'\nexport const DELIVERY_ID_HEADER = 'X-Delivery-Id'\nexport const DEFAULT_TOLERANCE_SECONDS = 5 * 60\n\nexport type SignatureBuildInput = {\n  secret: string\n  timestamp: number\n  rawBody: string\n}\n\nexport type MultiSignatureBuildInput = {\n  secrets: readonly string[]\n  timestamp: number\n  rawBody: string\n}\n\nexport type VerifyInput = {\n  secrets: readonly string[]\n  header: string | undefined\n  rawBody: string\n  now?: number\n  toleranceSeconds?: number\n}\n\nexport type VerifyResult =\n  | { ok: true; timestamp: number }\n  | {\n      ok: false\n      reason:\n        | 'missing_header'\n        | 'invalid_format'\n        | 'timestamp_expired'\n        | 'bad_signature'\n    }\n\nexport function buildSignatureHeader({\n  secret,\n  timestamp,\n  rawBody,\n}: SignatureBuildInput): string {\n  return buildSignatureHeaderForSecrets({\n    secrets: [secret],\n    timestamp,\n    rawBody,\n  })\n}\n\nexport function buildSignatureHeaderForSecrets({\n  secrets,\n  timestamp,\n  rawBody,\n}: MultiSignatureBuildInput): string {\n  const payload = `${timestamp}.${rawBody}`\n  const signatures = secrets\n    .filter((secret) => secret.length > 0)\n    .map((secret) => createHmac('sha256', secret).update(payload).digest('hex'))\n  return `t=${timestamp},${signatures.map((signature) => `v1=${signature}`).join(',')}`\n}\n\nexport function verifySignature(input: VerifyInput): VerifyResult {\n  if (!input.header) return { ok: false, reason: 'missing_header' }\n  const parsed = parseHeader(input.header)\n  if (!parsed) return { ok: false, reason: 'invalid_format' }\n\n  const now = input.now ?? Math.floor(Date.now() / 1000)\n  const tolerance = input.toleranceSeconds ?? DEFAULT_TOLERANCE_SECONDS\n  if (Math.abs(now - parsed.timestamp) > tolerance) {\n    return { ok: false, reason: 'timestamp_expired' }\n  }\n\n  const payload = `${parsed.timestamp}.${input.rawBody}`\n  for (const secret of input.secrets) {\n    if (!secret) continue\n    const expected = createHmac('sha256', secret).update(payload).digest('hex')\n    for (const signature of parsed.signatures) {\n      if (safeEqualHex(expected, signature)) {\n        return { ok: true, timestamp: parsed.timestamp }\n      }\n    }\n  }\n  return { ok: false, reason: 'bad_signature' }\n}\n\nfunction parseHeader(\n  header: string,\n): { timestamp: number; signatures: string[] } | null {\n  let timestamp: number | null = null\n  const signatures: string[] = []\n  for (const segment of header.split(',')) {\n    const [key, value] = segment.trim().split('=')\n    if (!key || !value) continue\n    if (key === 't') {\n      const ts = Number(value)\n      if (Number.isFinite(ts)) timestamp = ts\n    } else if (key === 'v1') {\n      signatures.push(value)\n    }\n  }\n  if (timestamp === null || signatures.length === 0) return null\n  return { timestamp, signatures }\n}\n\nfunction safeEqualHex(a: string, b: string): boolean {\n  if (!isSha256Hex(a) || !isSha256Hex(b)) return false\n  const aBuffer = Buffer.from(a, 'hex')\n  const bBuffer = Buffer.from(b, 'hex')\n  return timingSafeEqual(aBuffer, bBuffer)\n}\n\nfunction isSha256Hex(value: string): boolean {\n  return /^[a-f0-9]{64}$/i.test(value)\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAAAA;AAAA;AAAA;;;ACAA,yBAA4C;AAMrC,IAAM,mBAAmB;AACzB,IAAM,kBAAkB;AACxB,IAAM,qBAAqB;AAC3B,IAAM,4BAA4B,IAAI;AAiCtC,SAAS,qBAAqB;AAAA,EACnC;AAAA,EACA;AAAA,EACA;AACF,GAAgC;AAC9B,SAAO,+BAA+B;AAAA,IACpC,SAAS,CAAC,MAAM;AAAA,IAChB;AAAA,IACA;AAAA,EACF,CAAC;AACH;AAEO,SAAS,+BAA+B;AAAA,EAC7C;AAAA,EACA;AAAA,EACA;AACF,GAAqC;AACnC,QAAM,UAAU,GAAG,SAAS,IAAI,OAAO;AACvC,QAAM,aAAa,QAChB,OAAO,CAAC,WAAW,OAAO,SAAS,CAAC,EACpC,IAAI,CAAC,eAAW,+BAAW,UAAU,MAAM,EAAE,OAAO,OAAO,EAAE,OAAO,KAAK,CAAC;AAC7E,SAAO,KAAK,SAAS,IAAI,WAAW,IAAI,CAAC,cAAc,MAAM,SAAS,EAAE,EAAE,KAAK,GAAG,CAAC;AACrF;AAEO,SAAS,gBAAgB,OAAkC;AAChE,MAAI,CAAC,MAAM,OAAQ,QAAO,EAAE,IAAI,OAAO,QAAQ,iBAAiB;AAChE,QAAM,SAAS,YAAY,MAAM,MAAM;AACvC,MAAI,CAAC,OAAQ,QAAO,EAAE,IAAI,OAAO,QAAQ,iBAAiB;AAE1D,QAAM,MAAM,MAAM,OAAO,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AACrD,QAAM,YAAY,MAAM,oBAAoB;AAC5C,MAAI,KAAK,IAAI,MAAM,OAAO,SAAS,IAAI,WAAW;AAChD,WAAO,EAAE,IAAI,OAAO,QAAQ,oBAAoB;AAAA,EAClD;AAEA,QAAM,UAAU,GAAG,OAAO,SAAS,IAAI,MAAM,OAAO;AACpD,aAAW,UAAU,MAAM,SAAS;AAClC,QAAI,CAAC,OAAQ;AACb,UAAM,eAAW,+BAAW,UAAU,MAAM,EAAE,OAAO,OAAO,EAAE,OAAO,KAAK;AAC1E,eAAW,aAAa,OAAO,YAAY;AACzC,UAAI,aAAa,UAAU,SAAS,GAAG;AACrC,eAAO,EAAE,IAAI,MAAM,WAAW,OAAO,UAAU;AAAA,MACjD;AAAA,IACF;AAAA,EACF;AACA,SAAO,EAAE,IAAI,OAAO,QAAQ,gBAAgB;AAC9C;AAEA,SAAS,YACP,QACoD;AACpD,MAAI,YAA2B;AAC/B,QAAM,aAAuB,CAAC;AAC9B,aAAW,WAAW,OAAO,MAAM,GAAG,GAAG;AACvC,UAAM,CAAC,KAAK,KAAK,IAAI,QAAQ,KAAK,EAAE,MAAM,GAAG;AAC7C,QAAI,CAAC,OAAO,CAAC,MAAO;AACpB,QAAI,QAAQ,KAAK;AACf,YAAM,KAAK,OAAO,KAAK;AACvB,UAAI,OAAO,SAAS,EAAE,EAAG,aAAY;AAAA,IACvC,WAAW,QAAQ,MAAM;AACvB,iBAAW,KAAK,KAAK;AAAA,IACvB;AAAA,EACF;AACA,MAAI,cAAc,QAAQ,WAAW,WAAW,EAAG,QAAO;AAC1D,SAAO,EAAE,WAAW,WAAW;AACjC;AAEA,SAAS,aAAa,GAAW,GAAoB;AACnD,MAAI,CAAC,YAAY,CAAC,KAAK,CAAC,YAAY,CAAC,EAAG,QAAO;AAC/C,QAAM,UAAU,OAAO,KAAK,GAAG,KAAK;AACpC,QAAM,UAAU,OAAO,KAAK,GAAG,KAAK;AACpC,aAAO,oCAAgB,SAAS,OAAO;AACzC;AAEA,SAAS,YAAY,OAAwB;AAC3C,SAAO,kBAAkB,KAAK,KAAK;AACrC;;;AD5FO,SAASC,iBAAgB,OAAyC;AACvE,QAAM,UACJ,YAAY,QACR,MAAM,QAAQ,MAAM,MAAM,IACxB,MAAM,SACN,CAAC,MAAM,MAAgB,IACzB,MAAM;AAEZ,SAAO,gBAA2B;AAAA,IAChC;AAAA,IACA,QAAQ,MAAM;AAAA,IACd,SAAS,MAAM;AAAA,IACf,kBAAkB,MAAM;AAAA,IACxB,KAAK,MAAM;AAAA,EACb,CAAC;AACH;AAEO,IAAM,cAAN,MAAkB;AAAA,EACvB,OAAO,OAAyC;AAC9C,WAAOA,iBAAgB,KAAK;AAAA,EAC9B;AACF;","names":["verifySignature","verifySignature"]}

package/dist/webhooks.mjs

@@ -0,0 +1,37 @@
+import {
+  DEFAULT_TOLERANCE_SECONDS,
+  DELIVERY_ID_HEADER,
+  EVENT_ID_HEADER,
+  SIGNATURE_HEADER,
+  buildSignatureHeader,
+  buildSignatureHeaderForSecrets,
+  verifySignature
+} from "./chunk-B2JLHYXK.mjs";
+
+// src/webhooks-entry.ts
+function verifySignature2(input) {
+  const secrets = "secret" in input ? Array.isArray(input.secret) ? input.secret : [input.secret] : input.secrets;
+  return verifySignature({
+    secrets,
+    header: input.header,
+    rawBody: input.rawBody,
+    toleranceSeconds: input.toleranceSeconds,
+    now: input.now
+  });
+}
+var WebhooksApi = class {
+  verify(input) {
+    return verifySignature2(input);
+  }
+};
+export {
+  DEFAULT_TOLERANCE_SECONDS,
+  DELIVERY_ID_HEADER,
+  EVENT_ID_HEADER,
+  SIGNATURE_HEADER,
+  WebhooksApi,
+  buildSignatureHeader,
+  buildSignatureHeaderForSecrets,
+  verifySignature2 as verifySignature
+};
+//# sourceMappingURL=webhooks.mjs.map

package/dist/webhooks.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/webhooks-entry.ts"],"sourcesContent":["import {\n  verifySignature as verifySignatureWithSecrets,\n  type VerifyInput,\n  type VerifyResult,\n} from './signature'\n\nexport {\n  buildSignatureHeader,\n  buildSignatureHeaderForSecrets,\n  SIGNATURE_HEADER,\n  EVENT_ID_HEADER,\n  DELIVERY_ID_HEADER,\n  DEFAULT_TOLERANCE_SECONDS,\n} from './signature'\nexport type {\n  SignatureBuildInput,\n  MultiSignatureBuildInput,\n  VerifyResult,\n} from './signature'\n\nexport type WebhookVerifyInput = Omit<VerifyInput, 'secrets'> &\n  (\n    | { secret: string | readonly string[]; secrets?: never }\n    | { secrets: readonly string[]; secret?: never }\n  )\n\nexport function verifySignature(input: WebhookVerifyInput): VerifyResult {\n  const secrets =\n    'secret' in input\n      ? Array.isArray(input.secret)\n        ? input.secret\n        : [input.secret as string]\n      : input.secrets\n\n  return verifySignatureWithSecrets({\n    secrets,\n    header: input.header,\n    rawBody: input.rawBody,\n    toleranceSeconds: input.toleranceSeconds,\n    now: input.now,\n  })\n}\n\nexport class WebhooksApi {\n  verify(input: WebhookVerifyInput): VerifyResult {\n    return verifySignature(input)\n  }\n}\n"],"mappings":";;;;;;;;;;;AA0BO,SAASA,iBAAgB,OAAyC;AACvE,QAAM,UACJ,YAAY,QACR,MAAM,QAAQ,MAAM,MAAM,IACxB,MAAM,SACN,CAAC,MAAM,MAAgB,IACzB,MAAM;AAEZ,SAAO,gBAA2B;AAAA,IAChC;AAAA,IACA,QAAQ,MAAM;AAAA,IACd,SAAS,MAAM;AAAA,IACf,kBAAkB,MAAM;AAAA,IACxB,KAAK,MAAM;AAAA,EACb,CAAC;AACH;AAEO,IAAM,cAAN,MAAkB;AAAA,EACvB,OAAO,OAAyC;AAC9C,WAAOA,iBAAgB,KAAK;AAAA,EAC9B;AACF;","names":["verifySignature"]}

package/package.json

@@ -0,0 +1,87 @@
+{
+  "name": "@stableops/api-sdk",
+  "version": "0.1.0",
+  "private": false,
+  "license": "Apache-2.0",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/StableOps/stableops-api-typescript-sdk.git"
+  },
+  "main": "dist/index.js",
+  "module": "dist/index.mjs",
+  "types": "dist/index.d.ts",
+  "typesVersions": {
+    "*": {
+      "webhooks": [
+        "dist/webhooks.d.ts"
+      ],
+      "mock": [
+        "dist/mock.d.ts"
+      ],
+      "*": [
+        "dist/index.d.ts"
+      ]
+    }
+  },
+  "exports": {
+    ".": {
+      "import": {
+        "types": "./dist/index.d.mts",
+        "default": "./dist/index.mjs"
+      },
+      "require": {
+        "types": "./dist/index.d.ts",
+        "default": "./dist/index.js"
+      }
+    },
+    "./webhooks": {
+      "import": {
+        "types": "./dist/webhooks.d.mts",
+        "default": "./dist/webhooks.mjs"
+      },
+      "require": {
+        "types": "./dist/webhooks.d.ts",
+        "default": "./dist/webhooks.js"
+      }
+    },
+    "./mock": {
+      "import": {
+        "types": "./dist/mock.d.mts",
+        "default": "./dist/mock.mjs"
+      },
+      "require": {
+        "types": "./dist/mock.d.ts",
+        "default": "./dist/mock.js"
+      }
+    }
+  },
+  "engines": {
+    "node": ">=18"
+  },
+  "sideEffects": false,
+  "files": [
+    "dist"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "tsup",
+    "prepublishOnly": "pnpm build",
+    "lint": "eslint .",
+    "typecheck": "tsc --noEmit",
+    "test": "vitest run",
+    "test:watch": "vitest"
+  },
+  "devDependencies": {
+    "@eslint/js": "^9.16.0",
+    "@types/node": "^24.0.0",
+    "eslint": "^9.16.0",
+    "globals": "^15.14.0",
+    "msw": "^2.4.9",
+    "tsup": "^8.5.1",
+    "typescript": "^5.9.3",
+    "typescript-eslint": "^8.18.0",
+    "vitest": "^3.2.4"
+  }
+}