@upstash/qstash 0.0.0 → 0.0.5

package/README.md

@@ -1 +1,119 @@
-# sdk-qstash-ts
+# Upstash qStash SDK
+
+[![Tests](https://github.com/upstash/upstash-redis/actions/workflows/tests.yaml/badge.svg)](https://github.com/upstash/upstash-redis/actions/workflows/tests.yaml)
+![npm (scoped)](https://img.shields.io/npm/v/@upstash/redis)
+![npm bundle size](https://img.shields.io/bundlephobia/minzip/@upstash/redis)
+
+**qStash** is a serverless queueing / messaging system, designed to be used with
+serverless functions to consume from the queue.
+
+It is the only connectionless (HTTP based) Redis client and designed for:
+
+- Serverless functions (AWS Lambda ...)
+- Cloudflare Workers (see
+  [the example](https://github.com/upstash/upstash-redis/tree/main/examples/cloudflare-workers))
+- Fastly Compute@Edge (see
+  [the example](https://github.com/upstash/upstash-redis/tree/main/examples/fastly))
+- Next.js, Jamstack ...
+- Client side web/mobile applications
+- WebAssembly
+- and other environments where HTTP is preferred over TCP.
+
+See
+[the list of APIs](https://docs.upstash.com/features/restapi#rest---redis-api-compatibility)
+supported.
+
+## How does qStash work?
+
+qStash is the message broker between your serverless apps. You send a HTTP
+request to qStash, that includes a destination, a payload and optional settings.
+We store your message durable and will deliver it to the destination server via
+HTTP. In case the destination is not ready to receive the message, we will retry
+the message later, to guarentee at-least-once delivery.
+
+## Quick Start
+
+### Install
+
+#### npm
+
+```bash
+npm install @upstash/qstash
+```
+
+#### Deno
+
+```ts
+import { Redis } from "https://deno.land/x/upstash_qstash/mod.ts";
+```
+
+### Activate qStash
+
+Go to [upstash](https://console.upstash.com/qstash) and activate qStash.
+
+## Basic Usage:
+
+### Publishing a message
+
+```ts
+import { Client } from "@upstash/qstash"
+
+const q = new Client({
+  token: <QSTASH_TOKEN>,
+})
+
+const res = await q.publishJSON({
+    body: { hello: "world" },
+})
+
+console.log(res.messageID)
+```
+
+### Consuming a message
+
+How to consume a message depends on your http server. QStash does not receive
+the http request directly, but should be called by you as the first step in your
+handler function.
+
+```ts
+import { Consumer } from "@upstash/qstash";
+
+const c = new Consumer({
+  currentSigningKey: "..",
+  nextSigningKey: "..",
+});
+
+const isValid = await c.verify({
+  /**
+   * The signature from the `upstash-signature` header.
+   */
+  signature: "string";
+
+  /**
+   * The raw request body.
+   */
+  body: "string";
+
+  /**
+   * URL of the endpoint where the request was sent to.
+   */
+  url: "string";
+})
+```
+
+## Docs
+
+See [the documentation](https://docs.upstash.com/features/qstash) for details.
+
+## Contributing
+
+### [Install Deno](https://deno.land/#installation)
+
+### Running tests
+
+```sh
+QSTASH_TOKEN=".." deno test -A
+```
+
+```
+```

package/esm/_dnt.shims.js

@@ -0,0 +1,65 @@
+import { Deno } from "@deno/shim-deno";
+export { Deno } from "@deno/shim-deno";
+import { crypto } from "@deno/shim-crypto";
+export { crypto } from "@deno/shim-crypto";
+const dntGlobals = {
+    Deno,
+    crypto,
+};
+export const dntGlobalThis = createMergeProxy(globalThis, dntGlobals);
+// deno-lint-ignore ban-types
+function createMergeProxy(baseObj, extObj) {
+    return new Proxy(baseObj, {
+        get(_target, prop, _receiver) {
+            if (prop in extObj) {
+                return extObj[prop];
+            }
+            else {
+                return baseObj[prop];
+            }
+        },
+        set(_target, prop, value) {
+            if (prop in extObj) {
+                delete extObj[prop];
+            }
+            baseObj[prop] = value;
+            return true;
+        },
+        deleteProperty(_target, prop) {
+            let success = false;
+            if (prop in extObj) {
+                delete extObj[prop];
+                success = true;
+            }
+            if (prop in baseObj) {
+                delete baseObj[prop];
+                success = true;
+            }
+            return success;
+        },
+        ownKeys(_target) {
+            const baseKeys = Reflect.ownKeys(baseObj);
+            const extKeys = Reflect.ownKeys(extObj);
+            const extKeysSet = new Set(extKeys);
+            return [...baseKeys.filter((k) => !extKeysSet.has(k)), ...extKeys];
+        },
+        defineProperty(_target, prop, desc) {
+            if (prop in extObj) {
+                delete extObj[prop];
+            }
+            Reflect.defineProperty(baseObj, prop, desc);
+            return true;
+        },
+        getOwnPropertyDescriptor(_target, prop) {
+            if (prop in extObj) {
+                return Reflect.getOwnPropertyDescriptor(extObj, prop);
+            }
+            else {
+                return Reflect.getOwnPropertyDescriptor(baseObj, prop);
+            }
+        },
+        has(_target, prop) {
+            return prop in extObj || prop in baseObj;
+        },
+    });
+}

package/esm/consumer.js

@@ -0,0 +1,82 @@
+import * as dntShim from "./_dnt.shims.js";
+import * as base64url from "./deps/deno.land/std@0.144.0/encoding/base64url.js";
+import * as base64 from "./deps/deno.land/std@0.144.0/encoding/base64.js";
+export class SignatureError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = "SignatureError";
+    }
+}
+/**
+ * Consumer offers a simlpe way to verify the signature of a request.
+ */
+export class Consumer {
+    constructor(config) {
+        Object.defineProperty(this, "currentSigningKey", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        Object.defineProperty(this, "nextSigningKey", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        this.currentSigningKey = config.currentSigningKey;
+        this.nextSigningKey = config.nextSigningKey;
+    }
+    /**
+     * Verify the signature of a request.
+     *
+     * Tries to verify the signature with the current signing key.
+     * If that fails, maybe because you have rotated the keys recently, it will
+     * try to verify the signature with the next signing key.
+     *
+     * If that fails, the signature is invalid and a `SignatureError` is thrown.
+     */
+    async verify(req) {
+        const isValid = await this.verifyWithKey(this.currentSigningKey, req);
+        if (isValid) {
+            return true;
+        }
+        return this.verifyWithKey(this.nextSigningKey, req);
+    }
+    /**
+     * Verify signature with a specific signing key
+     */
+    async verifyWithKey(key, req) {
+        const parts = req.signature.split(".");
+        if (parts.length !== 3) {
+            throw new SignatureError("`Upstash-Signature` header is not a valid signature");
+        }
+        const [header, payload, signature] = parts;
+        const k = await dntShim.crypto.subtle.importKey("raw", new TextEncoder().encode(key), { name: "HMAC", hash: "SHA-256" }, false, ["sign", "verify"]);
+        const isValid = await dntShim.crypto.subtle.verify({ name: "HMAC" }, k, base64url.decode(signature), new TextEncoder().encode(`${header}.${payload}`));
+        if (!isValid) {
+            throw new SignatureError("signature does not match");
+        }
+        const p = JSON.parse(new TextDecoder().decode(base64url.decode(payload)));
+        console.log(JSON.stringify(p, null, 2));
+        if (p.iss !== "Upstash") {
+            throw new SignatureError(`invalid issuer: ${p.iss}`);
+        }
+        if (p.sub !== req.url) {
+            throw new SignatureError(`invalid subject: ${p.sub}`);
+        }
+        const now = Math.floor(Date.now() / 1000);
+        if (now > p.exp) {
+            console.log({ now, exp: p.exp });
+            throw new SignatureError("token has expired");
+        }
+        if (now < p.nbf) {
+            throw new SignatureError("token is not yet valid");
+        }
+        const bodyHash = await dntShim.crypto.subtle.digest("SHA-256", new TextEncoder().encode(req.body));
+        if (p.body != base64.encode(bodyHash)) {
+            throw new SignatureError("body hash does not match");
+        }
+        return true;
+    }
+}

package/esm/deps/deno.land/std@0.144.0/encoding/base64.js

@@ -0,0 +1,115 @@
+// Copyright 2018-2022 the Deno authors. All rights reserved. MIT license.
+// This module is browser compatible.
+const base64abc = [
+    "A",
+    "B",
+    "C",
+    "D",
+    "E",
+    "F",
+    "G",
+    "H",
+    "I",
+    "J",
+    "K",
+    "L",
+    "M",
+    "N",
+    "O",
+    "P",
+    "Q",
+    "R",
+    "S",
+    "T",
+    "U",
+    "V",
+    "W",
+    "X",
+    "Y",
+    "Z",
+    "a",
+    "b",
+    "c",
+    "d",
+    "e",
+    "f",
+    "g",
+    "h",
+    "i",
+    "j",
+    "k",
+    "l",
+    "m",
+    "n",
+    "o",
+    "p",
+    "q",
+    "r",
+    "s",
+    "t",
+    "u",
+    "v",
+    "w",
+    "x",
+    "y",
+    "z",
+    "0",
+    "1",
+    "2",
+    "3",
+    "4",
+    "5",
+    "6",
+    "7",
+    "8",
+    "9",
+    "+",
+    "/",
+];
+/**
+ * CREDIT: https://gist.github.com/enepomnyaschih/72c423f727d395eeaa09697058238727
+ * Encodes a given Uint8Array, ArrayBuffer or string into RFC4648 base64 representation
+ * @param data
+ */
+export function encode(data) {
+    const uint8 = typeof data === "string"
+        ? new TextEncoder().encode(data)
+        : data instanceof Uint8Array
+            ? data
+            : new Uint8Array(data);
+    let result = "", i;
+    const l = uint8.length;
+    for (i = 2; i < l; i += 3) {
+        result += base64abc[uint8[i - 2] >> 2];
+        result += base64abc[((uint8[i - 2] & 0x03) << 4) | (uint8[i - 1] >> 4)];
+        result += base64abc[((uint8[i - 1] & 0x0f) << 2) | (uint8[i] >> 6)];
+        result += base64abc[uint8[i] & 0x3f];
+    }
+    if (i === l + 1) {
+        // 1 octet yet to write
+        result += base64abc[uint8[i - 2] >> 2];
+        result += base64abc[(uint8[i - 2] & 0x03) << 4];
+        result += "==";
+    }
+    if (i === l) {
+        // 2 octets yet to write
+        result += base64abc[uint8[i - 2] >> 2];
+        result += base64abc[((uint8[i - 2] & 0x03) << 4) | (uint8[i - 1] >> 4)];
+        result += base64abc[(uint8[i - 1] & 0x0f) << 2];
+        result += "=";
+    }
+    return result;
+}
+/**
+ * Decodes a given RFC4648 base64 encoded string
+ * @param b64
+ */
+export function decode(b64) {
+    const binString = atob(b64);
+    const size = binString.length;
+    const bytes = new Uint8Array(size);
+    for (let i = 0; i < size; i++) {
+        bytes[i] = binString.charCodeAt(i);
+    }
+    return bytes;
+}

package/esm/deps/deno.land/std@0.144.0/encoding/base64url.js

@@ -0,0 +1,42 @@
+// Copyright 2018-2022 the Deno authors. All rights reserved. MIT license.
+// This module is browser compatible.
+import * as base64 from "./base64.js";
+/*
+ * Some variants allow or require omitting the padding '=' signs:
+ * https://en.wikipedia.org/wiki/Base64#The_URL_applications
+ * @param base64url
+ */
+export function addPaddingToBase64url(base64url) {
+    if (base64url.length % 4 === 2)
+        return base64url + "==";
+    if (base64url.length % 4 === 3)
+        return base64url + "=";
+    if (base64url.length % 4 === 1) {
+        throw new TypeError("Illegal base64url string!");
+    }
+    return base64url;
+}
+function convertBase64urlToBase64(b64url) {
+    if (!/^[-_A-Z0-9]*?={0,2}$/i.test(b64url)) {
+        // Contains characters not part of base64url spec.
+        throw new TypeError("Failed to decode base64url: invalid character");
+    }
+    return addPaddingToBase64url(b64url).replace(/\-/g, "+").replace(/_/g, "/");
+}
+function convertBase64ToBase64url(b64) {
+    return b64.replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
+}
+/**
+ * Encodes a given ArrayBuffer or string into a base64url representation
+ * @param data
+ */
+export function encode(data) {
+    return convertBase64ToBase64url(base64.encode(data));
+}
+/**
+ * Converts given base64url encoded data back to original
+ * @param b64url
+ */
+export function decode(b64url) {
+    return base64.decode(convertBase64urlToBase64(b64url));
+}

package/esm/entrypoints/nextjs.js

@@ -0,0 +1,48 @@
+import { buffer } from "micro";
+import { Consumer } from "../consumer.js";
+export function verifySignature(handler, config) {
+    const currentSigningKey = config?.currentSigningKey ??
+        process.env.get["QSTASH_CURRENT_SIGNING_KEY"];
+    if (!currentSigningKey) {
+        throw new Error("currentSigningKey is required, either in the config or as env variable QSTASH_CURRENT_SIGNING_KEY");
+    }
+    const nextSigningKey = config?.nextSigningKey ??
+        process.env.get["QSTASH_NEXT_SIGNING_KEY"];
+    if (!nextSigningKey) {
+        throw new Error("nextSigningKey is required, either in the config or as env variable QSTASH_NEXT_SIGNING_KEY");
+    }
+    const consumer = new Consumer({
+        currentSigningKey,
+        nextSigningKey,
+    });
+    return async (req, res) => {
+        const signature = req.headers["upstash-signature"];
+        if (!signature) {
+            throw new Error("`Upstash-Signature` header is missing");
+        }
+        if (typeof signature !== "string") {
+            throw new Error("`Upstash-Signature` header is not a string");
+        }
+        const body = (await buffer(req)).toString();
+        const url = new URL(req.url, `http://${req.headers.host}`).href;
+        const isValid = await consumer.verify({ signature, body, url });
+        if (!isValid) {
+            res.status(400);
+            res.send("Invalid signature");
+            return res.end();
+        }
+        try {
+            if (req.headers["content-type"] === "application/json") {
+                req.body = JSON.parse(body);
+            }
+            else {
+                req.body = body;
+            }
+        }
+        catch {
+            req.body = body;
+            console.log("body is not json");
+        }
+        return handler(req, res);
+    };
+}

package/package.json

@@ -1,9 +1,9 @@
 {
-  "module": "./esm/platforms/nodejs.js",
-  "main": "./script/platforms/nodejs.js",
-  "types": "./types/platforms/nodejs.d.ts",
+  "module": "./esm/entrypoints/nextjs.js",
+  "main": "./script/entrypoints/nextjs.js",
+  "types": "./types/entrypoints/nextjs.d.ts",
   "name": "@upstash/qstash",
-  "version": "v0.0.0",
+  "version": "v0.0.5",
   "description": "Official Deno/Typescript client for qStash",
   "repository": {
     "type": "git",
@@ -23,29 +23,23 @@
   },
   "homepage": "https://github.com/upstash/sdk-qstash-ts#readme",
   "devDependencies": {
-    "@size-limit/preset-small-lib": "latest",
-    "size-limit": "latest"
+    "micro": "latest",
+    "next": "latest"
   },
   "typesVersions": {
     "*": {
-      "nodejs": "./types/platforms/nodejs.d.ts"
+      "nextjs": "./types/entrypoints/nextjs.d.ts"
     }
   },
-  "size-limit": [
-    {
-      "path": "esm/platforms/nodejs.js",
-      "limit": "6 KB"
-    },
-    {
-      "path": "script/platforms/nodejs.js",
-      "limit": "10 KB"
-    }
-  ],
   "exports": {
-    ".": {
-      "import": "./esm/platforms/nodejs.js",
-      "require": "./script/platforms/nodejs.js",
-      "types": "./types/platforms/nodejs.d.ts"
+    "./nextjs": {
+      "import": "./esm/entrypoints/nextjs.js",
+      "require": "./script/entrypoints/nextjs.js",
+      "types": "./types/entrypoints/nextjs.d.ts"
     }
+  },
+  "dependencies": {
+    "@deno/shim-crypto": "~0.2.0",
+    "@deno/shim-deno": "~0.5.0"
   }
 }

package/script/_dnt.shims.js

@@ -0,0 +1,70 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.dntGlobalThis = exports.crypto = exports.Deno = void 0;
+const shim_deno_1 = require("@deno/shim-deno");
+var shim_deno_2 = require("@deno/shim-deno");
+Object.defineProperty(exports, "Deno", { enumerable: true, get: function () { return shim_deno_2.Deno; } });
+const shim_crypto_1 = require("@deno/shim-crypto");
+var shim_crypto_2 = require("@deno/shim-crypto");
+Object.defineProperty(exports, "crypto", { enumerable: true, get: function () { return shim_crypto_2.crypto; } });
+const dntGlobals = {
+    Deno: shim_deno_1.Deno,
+    crypto: shim_crypto_1.crypto,
+};
+exports.dntGlobalThis = createMergeProxy(globalThis, dntGlobals);
+// deno-lint-ignore ban-types
+function createMergeProxy(baseObj, extObj) {
+    return new Proxy(baseObj, {
+        get(_target, prop, _receiver) {
+            if (prop in extObj) {
+                return extObj[prop];
+            }
+            else {
+                return baseObj[prop];
+            }
+        },
+        set(_target, prop, value) {
+            if (prop in extObj) {
+                delete extObj[prop];
+            }
+            baseObj[prop] = value;
+            return true;
+        },
+        deleteProperty(_target, prop) {
+            let success = false;
+            if (prop in extObj) {
+                delete extObj[prop];
+                success = true;
+            }
+            if (prop in baseObj) {
+                delete baseObj[prop];
+                success = true;
+            }
+            return success;
+        },
+        ownKeys(_target) {
+            const baseKeys = Reflect.ownKeys(baseObj);
+            const extKeys = Reflect.ownKeys(extObj);
+            const extKeysSet = new Set(extKeys);
+            return [...baseKeys.filter((k) => !extKeysSet.has(k)), ...extKeys];
+        },
+        defineProperty(_target, prop, desc) {
+            if (prop in extObj) {
+                delete extObj[prop];
+            }
+            Reflect.defineProperty(baseObj, prop, desc);
+            return true;
+        },
+        getOwnPropertyDescriptor(_target, prop) {
+            if (prop in extObj) {
+                return Reflect.getOwnPropertyDescriptor(extObj, prop);
+            }
+            else {
+                return Reflect.getOwnPropertyDescriptor(baseObj, prop);
+            }
+        },
+        has(_target, prop) {
+            return prop in extObj || prop in baseObj;
+        },
+    });
+}