@upstash/qstash 0.0.3 → 0.0.7

package/script/consumer.js

@@ -0,0 +1,110 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Consumer = exports.SignatureError = void 0;
+const dntShim = __importStar(require("./_dnt.shims.js"));
+const base64url = __importStar(require("./deps/deno.land/std@0.144.0/encoding/base64url.js"));
+const base64 = __importStar(require("./deps/deno.land/std@0.144.0/encoding/base64.js"));
+class SignatureError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = "SignatureError";
+    }
+}
+exports.SignatureError = SignatureError;
+/**
+ * Consumer offers a simlpe way to verify the signature of a request.
+ */
+class Consumer {
+    constructor(config) {
+        Object.defineProperty(this, "currentSigningKey", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        Object.defineProperty(this, "nextSigningKey", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        this.currentSigningKey = config.currentSigningKey;
+        this.nextSigningKey = config.nextSigningKey;
+    }
+    /**
+     * Verify the signature of a request.
+     *
+     * Tries to verify the signature with the current signing key.
+     * If that fails, maybe because you have rotated the keys recently, it will
+     * try to verify the signature with the next signing key.
+     *
+     * If that fails, the signature is invalid and a `SignatureError` is thrown.
+     */
+    async verify(req) {
+        const isValid = await this.verifyWithKey(this.currentSigningKey, req);
+        if (isValid) {
+            return true;
+        }
+        return this.verifyWithKey(this.nextSigningKey, req);
+    }
+    /**
+     * Verify signature with a specific signing key
+     */
+    async verifyWithKey(key, req) {
+        const parts = req.signature.split(".");
+        if (parts.length !== 3) {
+            throw new SignatureError("`Upstash-Signature` header is not a valid signature");
+        }
+        const [header, payload, signature] = parts;
+        const k = await dntShim.crypto.subtle.importKey("raw", new TextEncoder().encode(key), { name: "HMAC", hash: "SHA-256" }, false, ["sign", "verify"]);
+        const isValid = await dntShim.crypto.subtle.verify({ name: "HMAC" }, k, base64url.decode(signature), new TextEncoder().encode(`${header}.${payload}`));
+        if (!isValid) {
+            throw new SignatureError("signature does not match");
+        }
+        const p = JSON.parse(new TextDecoder().decode(base64url.decode(payload)));
+        console.log(JSON.stringify(p, null, 2));
+        if (p.iss !== "Upstash") {
+            throw new SignatureError(`invalid issuer: ${p.iss}`);
+        }
+        if (p.sub !== req.url) {
+            throw new SignatureError(`invalid subject: ${p.sub}, want: ${req.url}`);
+        }
+        const now = Math.floor(Date.now() / 1000);
+        if (now > p.exp) {
+            console.log({ now, exp: p.exp });
+            throw new SignatureError("token has expired");
+        }
+        if (now < p.nbf) {
+            throw new SignatureError("token is not yet valid");
+        }
+        const bodyHash = await dntShim.crypto.subtle.digest("SHA-256", new TextEncoder().encode(req.body));
+        if (p.body != base64.encode(bodyHash)) {
+            throw new SignatureError("body hash does not match");
+        }
+        return true;
+    }
+}
+exports.Consumer = Consumer;

package/script/deps/deno.land/std@0.144.0/encoding/base64.js

@@ -0,0 +1,120 @@
+"use strict";
+// Copyright 2018-2022 the Deno authors. All rights reserved. MIT license.
+// This module is browser compatible.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.decode = exports.encode = void 0;
+const base64abc = [
+    "A",
+    "B",
+    "C",
+    "D",
+    "E",
+    "F",
+    "G",
+    "H",
+    "I",
+    "J",
+    "K",
+    "L",
+    "M",
+    "N",
+    "O",
+    "P",
+    "Q",
+    "R",
+    "S",
+    "T",
+    "U",
+    "V",
+    "W",
+    "X",
+    "Y",
+    "Z",
+    "a",
+    "b",
+    "c",
+    "d",
+    "e",
+    "f",
+    "g",
+    "h",
+    "i",
+    "j",
+    "k",
+    "l",
+    "m",
+    "n",
+    "o",
+    "p",
+    "q",
+    "r",
+    "s",
+    "t",
+    "u",
+    "v",
+    "w",
+    "x",
+    "y",
+    "z",
+    "0",
+    "1",
+    "2",
+    "3",
+    "4",
+    "5",
+    "6",
+    "7",
+    "8",
+    "9",
+    "+",
+    "/",
+];
+/**
+ * CREDIT: https://gist.github.com/enepomnyaschih/72c423f727d395eeaa09697058238727
+ * Encodes a given Uint8Array, ArrayBuffer or string into RFC4648 base64 representation
+ * @param data
+ */
+function encode(data) {
+    const uint8 = typeof data === "string"
+        ? new TextEncoder().encode(data)
+        : data instanceof Uint8Array
+            ? data
+            : new Uint8Array(data);
+    let result = "", i;
+    const l = uint8.length;
+    for (i = 2; i < l; i += 3) {
+        result += base64abc[uint8[i - 2] >> 2];
+        result += base64abc[((uint8[i - 2] & 0x03) << 4) | (uint8[i - 1] >> 4)];
+        result += base64abc[((uint8[i - 1] & 0x0f) << 2) | (uint8[i] >> 6)];
+        result += base64abc[uint8[i] & 0x3f];
+    }
+    if (i === l + 1) {
+        // 1 octet yet to write
+        result += base64abc[uint8[i - 2] >> 2];
+        result += base64abc[(uint8[i - 2] & 0x03) << 4];
+        result += "==";
+    }
+    if (i === l) {
+        // 2 octets yet to write
+        result += base64abc[uint8[i - 2] >> 2];
+        result += base64abc[((uint8[i - 2] & 0x03) << 4) | (uint8[i - 1] >> 4)];
+        result += base64abc[(uint8[i - 1] & 0x0f) << 2];
+        result += "=";
+    }
+    return result;
+}
+exports.encode = encode;
+/**
+ * Decodes a given RFC4648 base64 encoded string
+ * @param b64
+ */
+function decode(b64) {
+    const binString = atob(b64);
+    const size = binString.length;
+    const bytes = new Uint8Array(size);
+    for (let i = 0; i < size; i++) {
+        bytes[i] = binString.charCodeAt(i);
+    }
+    return bytes;
+}
+exports.decode = decode;

package/script/deps/deno.land/std@0.144.0/encoding/base64url.js

@@ -0,0 +1,71 @@
+"use strict";
+// Copyright 2018-2022 the Deno authors. All rights reserved. MIT license.
+// This module is browser compatible.
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.decode = exports.encode = exports.addPaddingToBase64url = void 0;
+const base64 = __importStar(require("./base64.js"));
+/*
+ * Some variants allow or require omitting the padding '=' signs:
+ * https://en.wikipedia.org/wiki/Base64#The_URL_applications
+ * @param base64url
+ */
+function addPaddingToBase64url(base64url) {
+    if (base64url.length % 4 === 2)
+        return base64url + "==";
+    if (base64url.length % 4 === 3)
+        return base64url + "=";
+    if (base64url.length % 4 === 1) {
+        throw new TypeError("Illegal base64url string!");
+    }
+    return base64url;
+}
+exports.addPaddingToBase64url = addPaddingToBase64url;
+function convertBase64urlToBase64(b64url) {
+    if (!/^[-_A-Z0-9]*?={0,2}$/i.test(b64url)) {
+        // Contains characters not part of base64url spec.
+        throw new TypeError("Failed to decode base64url: invalid character");
+    }
+    return addPaddingToBase64url(b64url).replace(/\-/g, "+").replace(/_/g, "/");
+}
+function convertBase64ToBase64url(b64) {
+    return b64.replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
+}
+/**
+ * Encodes a given ArrayBuffer or string into a base64url representation
+ * @param data
+ */
+function encode(data) {
+    return convertBase64ToBase64url(base64.encode(data));
+}
+exports.encode = encode;
+/**
+ * Converts given base64url encoded data back to original
+ * @param b64url
+ */
+function decode(b64url) {
+    return base64.decode(convertBase64urlToBase64(b64url));
+}
+exports.decode = decode;

package/script/entrypoints/nextjs.js

@@ -0,0 +1,53 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifySignature = void 0;
+const micro_1 = require("micro");
+const consumer_js_1 = require("../consumer.js");
+function verifySignature(handler, config) {
+    const currentSigningKey = config?.currentSigningKey ??
+        process.env.get["QSTASH_CURRENT_SIGNING_KEY"];
+    if (!currentSigningKey) {
+        throw new Error("currentSigningKey is required, either in the config or as env variable QSTASH_CURRENT_SIGNING_KEY");
+    }
+    const nextSigningKey = config?.nextSigningKey ??
+        process.env.get["QSTASH_NEXT_SIGNING_KEY"];
+    if (!nextSigningKey) {
+        throw new Error("nextSigningKey is required, either in the config or as env variable QSTASH_NEXT_SIGNING_KEY");
+    }
+    const consumer = new consumer_js_1.Consumer({
+        currentSigningKey,
+        nextSigningKey,
+    });
+    return async (req, res) => {
+        const signature = req.headers["upstash-signature"];
+        if (!signature) {
+            throw new Error("`Upstash-Signature` header is missing");
+        }
+        if (typeof signature !== "string") {
+            throw new Error("`Upstash-Signature` header is not a string");
+        }
+        const body = (await (0, micro_1.buffer)(req)).toString();
+        const url = new URL(req.url, `https://${req.headers.host}`).href;
+        console.log({ reqUrl: req.url, url });
+        const isValid = await consumer.verify({ signature, body, url });
+        if (!isValid) {
+            res.status(400);
+            res.send("Invalid signature");
+            return res.end();
+        }
+        try {
+            if (req.headers["content-type"] === "application/json") {
+                req.body = JSON.parse(body);
+            }
+            else {
+                req.body = body;
+            }
+        }
+        catch {
+            req.body = body;
+            console.log("body is not json");
+        }
+        return handler(req, res);
+    };
+}
+exports.verifySignature = verifySignature;

package/types/_dnt.shims.d.ts

@@ -0,0 +1,7 @@
+import { Deno } from "@deno/shim-deno";
+export { Deno } from "@deno/shim-deno";
+export { crypto, type Crypto, type SubtleCrypto, type AlgorithmIdentifier, type Algorithm, type RsaOaepParams, type BufferSource, type AesCtrParams, type AesCbcParams, type AesGcmParams, type CryptoKey, type KeyAlgorithm, type KeyType, type KeyUsage, type EcdhKeyDeriveParams, type HkdfParams, type HashAlgorithmIdentifier, type Pbkdf2Params, type AesDerivedKeyParams, type HmacImportParams, type JsonWebKey, type RsaOtherPrimesInfo, type KeyFormat, type RsaHashedKeyGenParams, type RsaKeyGenParams, type BigInteger, type EcKeyGenParams, type NamedCurve, type CryptoKeyPair, type AesKeyGenParams, type HmacKeyGenParams, type RsaHashedImportParams, type EcKeyImportParams, type AesKeyAlgorithm, type RsaPssParams, type EcdsaParams } from "@deno/shim-crypto";
+export declare const dntGlobalThis: Omit<typeof globalThis, "crypto" | "Deno"> & {
+    Deno: typeof Deno;
+    crypto: import("@deno/shim-crypto").Crypto;
+};

package/types/consumer.d.ts

@@ -0,0 +1,43 @@
+export declare type ConsumerConfig = {
+    currentSigningKey: string;
+    nextSigningKey: string;
+};
+export declare type VerifyRequest = {
+    /**
+     * The signature from the `upstash-signature` header.
+     */
+    signature: string;
+    /**
+     * The raw request body.
+     */
+    body: string;
+    /**
+     * URL of the endpoint where the request was sent to.
+     */
+    url: string;
+};
+export declare class SignatureError extends Error {
+    constructor(message: string);
+}
+/**
+ * Consumer offers a simlpe way to verify the signature of a request.
+ */
+export declare class Consumer {
+    private readonly currentSigningKey;
+    private readonly nextSigningKey;
+    constructor(config: ConsumerConfig);
+    /**
+     * Verify the signature of a request.
+     *
+     * Tries to verify the signature with the current signing key.
+     * If that fails, maybe because you have rotated the keys recently, it will
+     * try to verify the signature with the next signing key.
+     *
+     * If that fails, the signature is invalid and a `SignatureError` is thrown.
+     */
+    verify(req: VerifyRequest): Promise<boolean>;
+    /**
+     * Verify signature with a specific signing key
+     */
+    private verifyWithKey;
+}

package/types/deps/deno.land/std@0.144.0/encoding/base64.d.ts

@@ -0,0 +1,11 @@
+/**
+ * CREDIT: https://gist.github.com/enepomnyaschih/72c423f727d395eeaa09697058238727
+ * Encodes a given Uint8Array, ArrayBuffer or string into RFC4648 base64 representation
+ * @param data
+ */
+export declare function encode(data: ArrayBuffer | string): string;
+/**
+ * Decodes a given RFC4648 base64 encoded string
+ * @param b64
+ */
+export declare function decode(b64: string): Uint8Array;

package/types/deps/deno.land/std@0.144.0/encoding/base64url.d.ts

@@ -0,0 +1,11 @@
+export declare function addPaddingToBase64url(base64url: string): string;
+/**
+ * Encodes a given ArrayBuffer or string into a base64url representation
+ * @param data
+ */
+export declare function encode(data: ArrayBuffer | string): string;
+/**
+ * Converts given base64url encoded data back to original
+ * @param b64url
+ */
+export declare function decode(b64url: string): Uint8Array;

package/types/entrypoints/nextjs.d.ts

@@ -0,0 +1,6 @@
+import type { NextApiHandler } from "next";
+export declare type VerifySignaturConfig = {
+    currentSigningKey?: string;
+    nextSigningKey?: string;
+};
+export declare function verifySignature(handler: NextApiHandler, config?: VerifySignaturConfig): NextApiHandler;

package/esm/client.js

@@ -1,133 +0,0 @@
-import { HttpClient } from "./http.js";
-import { Topics } from "./topics.js";
-import { Messages } from "./messages.js";
-import { Schedules } from "./schedules.js";
-import { Endpoints } from "./endpoints.js";
-export class Client {
-    constructor(config) {
-        Object.defineProperty(this, "http", {
-            enumerable: true,
-            configurable: true,
-            writable: true,
-            value: void 0
-        });
-        this.http = new HttpClient({
-            baseUrl: config.baseUrl
-                ? config.baseUrl.replace(/\/$/, "")
-                : "https://qstash.upstash.io",
-            authorization: config.authorization,
-        });
-    }
-    /**
-     * Access the topic API.
-     *
-     * Create, read, update or delete topics.
-     */
-    get topics() {
-        return new Topics(this.http);
-    }
-    /**
-     * Access the endpoint API.
-     *
-     * Create, read, update or delete endpoints.
-     */
-    get endpoints() {
-        return new Endpoints(this.http);
-    }
-    /**
-     * Access the message API.
-     *
-     * Read or cancel messages.
-     */
-    get messages() {
-        return new Messages(this.http);
-    }
-    /**
-     * Access the schedule API.
-     *
-     * Read or delete schedules.
-     */
-    get schedules() {
-        return new Schedules(this.http);
-    }
-    async publish(req) {
-        const destination = req.url ?? req.topic;
-        if (!destination) {
-            throw new Error("Either url or topic must be set");
-        }
-        const headers = new Headers(req.headers);
-        if (req.delay) {
-            headers.set("Upstash-Delay", req.delay.toFixed());
-        }
-        if (req.notBefore) {
-            headers.set("Upstash-Not-Before", req.notBefore.toFixed());
-        }
-        if (req.deadline) {
-            headers.set("Upstash-Deadline", req.deadline.toFixed());
-        }
-        if (req.deduplicationID) {
-            headers.set("Upstash-Deduplication-ID", req.deduplicationID);
-        }
-        if (req.contentBasedDeduplication) {
-            headers.set("Upstash-Content-Based-Deduplication", "true");
-        }
-        if (req.retries) {
-            headers.set("Upstash-Retries", req.retries.toFixed());
-        }
-        if (req.cron) {
-            headers.set("Upstash-Cron", req.cron);
-        }
-        const res = await this.http.request({
-            path: ["v1", "publish", destination],
-            body: req.body,
-            headers,
-            method: "POST",
-        });
-        return res;
-    }
-    /**
-     * publishJSON is a utility wrapper around `publish` that automatically serializes the body
-     * and sets the `Content-Type` header to `application/json`.
-     */
-    async publishJSON(req) {
-        const headers = new Headers(req.headers);
-        headers.set("Content-Type", "application/json");
-        const res = await this.publish({
-            ...req,
-            headers,
-            body: JSON.stringify(req.body),
-        });
-        return res;
-    }
-    /**
-     * Retrieve your logs.
-     *
-     * The logs endpoint is paginated and returns only 100 logs at a time.
-     * If you want to receive more logs, you can use the cursor to paginate.
-     *
-     * The cursor is a unix timestamp with millisecond precision
-     *
-     * @example
-     * ```ts
-     * let cursor = Date.now()
-     * const logs: Log[] = []
-     * while (cursor > 0) {
-     *   const res = await qstash.logs({ cursor })
-     *   logs.push(...res.logs)
-     *   cursor = res.cursor ?? 0
-     * }
-     * ```
-     */
-    async logs(req) {
-        const query = {};
-        if (req?.cursor && req.cursor > 0) {
-            query["cursor"] = req.cursor;
-        }
-        const res = await this.http.request({
-            path: ["v1", "logs"],
-            method: "GET",
-            query,
-        });
-        return res;
-    }
-}

package/esm/endpoints.js

@@ -1,63 +0,0 @@
-export class Endpoints {
-    constructor(http) {
-        Object.defineProperty(this, "http", {
-            enumerable: true,
-            configurable: true,
-            writable: true,
-            value: void 0
-        });
-        this.http = http;
-    }
-    /**
-     * Create a new endpoint with the given name.
-     */
-    async create(req) {
-        return await this.http.request({
-            method: "POST",
-            path: ["v1", "endpoints"],
-            body: JSON.stringify(req),
-            headers: { "Content-Type": "application/json" },
-        });
-    }
-    /**
-     * Get a list of all endpoints.
-     */
-    async list() {
-        return await this.http.request({
-            method: "GET",
-            path: ["v1", "endpoints"],
-            headers: { "Content-Type": "application/json" },
-        });
-    }
-    /**
-     * Get a single endpoint.
-     */
-    async get(req) {
-        return await this.http.request({
-            method: "GET",
-            path: ["v1", "endpoints", req.id],
-            headers: { "Content-Type": "application/json" },
-        });
-    }
-    /**
-     * Update a endpoint
-     */
-    async update(req) {
-        return await this.http.request({
-            method: "PUT",
-            path: ["v1", "endpoints", req.id],
-            body: JSON.stringify({ url: req.url }),
-            headers: { "Content-Type": "application/json" },
-        });
-    }
-    /**
-     * Delete a endpoint.
-     */
-    async delete(req) {
-        return await this.http.request({
-            method: "DELETE",
-            path: ["v1", "endpoints", req.id],
-            headers: { "Content-Type": "application/json" },
-        });
-    }
-}

package/esm/error.js

@@ -1,9 +0,0 @@
-/**
- * Result of 500 Internal Server Error
- */
-export class QstashError extends Error {
-    constructor(message) {
-        super(message);
-        this.name = "QstashError";
-    }
-}