@upstash/qstash 2.1.11 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/nextjs.d.mts +3 -1
  2. package/dist/nextjs.d.ts +3 -1
  3. package/dist/nextjs.js +43 -11
  4. package/dist/nextjs.mjs +42 -10
  5. package/package.json +5 -5
package/dist/nextjs.d.mts CHANGED
@@ -19,5 +19,7 @@ type VerifySignatureConfig = {
19
19
  };
20
20
  declare function verifySignature(handler: NextApiHandler, config?: VerifySignatureConfig): NextApiHandler;
21
21
  declare function verifySignatureEdge(handler: (req: NextRequest, nfe?: NextFetchEvent) => NextResponse | Promise<NextResponse>, config?: VerifySignatureConfig): (req: NextRequest, nfe: NextFetchEvent) => Promise<NextResponse<unknown>>;
22
+ type VerifySignatureAppRouterResponse = NextResponse | Promise<NextResponse>;
23
+ declare function verifySignatureAppRouter(handler: ((req: Request) => VerifySignatureAppRouterResponse) | ((req: NextRequest) => VerifySignatureAppRouterResponse), config?: VerifySignatureConfig): (req: NextRequest | Request) => Promise<NextResponse<unknown>>;
22
24
 
23
- export { VerifySignatureConfig, verifySignature, verifySignatureEdge };
25
+ export { VerifySignatureConfig, verifySignature, verifySignatureAppRouter, verifySignatureEdge };
package/dist/nextjs.d.ts CHANGED
@@ -19,5 +19,7 @@ type VerifySignatureConfig = {
19
19
  };
20
20
  declare function verifySignature(handler: NextApiHandler, config?: VerifySignatureConfig): NextApiHandler;
21
21
  declare function verifySignatureEdge(handler: (req: NextRequest, nfe?: NextFetchEvent) => NextResponse | Promise<NextResponse>, config?: VerifySignatureConfig): (req: NextRequest, nfe: NextFetchEvent) => Promise<NextResponse<unknown>>;
22
+ type VerifySignatureAppRouterResponse = NextResponse | Promise<NextResponse>;
23
+ declare function verifySignatureAppRouter(handler: ((req: Request) => VerifySignatureAppRouterResponse) | ((req: NextRequest) => VerifySignatureAppRouterResponse), config?: VerifySignatureConfig): (req: NextRequest | Request) => Promise<NextResponse<unknown>>;
22
24
 
23
- export { VerifySignatureConfig, verifySignature, verifySignatureEdge };
25
+ export { VerifySignatureConfig, verifySignature, verifySignatureAppRouter, verifySignatureEdge };
package/dist/nextjs.js CHANGED
@@ -113,20 +113,52 @@ function verifySignatureEdge(handler, config) {
113
113
  if (!isValid) {
114
114
  return new (0, _server.NextResponse)(new TextEncoder().encode("invalid signature"), { status: 403 });
115
115
  }
116
- let parsedBody = void 0;
117
- try {
118
- if (req.headers.get("content-type") === "application/json") {
119
- parsedBody = JSON.parse(body);
120
- } else {
121
- parsedBody = body;
122
- }
123
- } catch (e) {
124
- parsedBody = body;
125
- }
126
116
  return handler(reqClone, nfe);
127
117
  });
128
118
  }
119
+ function verifySignatureAppRouter(handler, config) {
120
+ var _a, _b;
121
+ const currentSigningKey = (_a = config == null ? void 0 : config.currentSigningKey) != null ? _a : process.env.QSTASH_CURRENT_SIGNING_KEY;
122
+ if (!currentSigningKey) {
123
+ throw new Error(
124
+ "currentSigningKey is required, either in the config or as env variable QSTASH_CURRENT_SIGNING_KEY"
125
+ );
126
+ }
127
+ const nextSigningKey = (_b = config == null ? void 0 : config.nextSigningKey) != null ? _b : process.env.QSTASH_NEXT_SIGNING_KEY;
128
+ if (!nextSigningKey) {
129
+ throw new Error(
130
+ "nextSigningKey is required, either in the config or as env variable QSTASH_NEXT_SIGNING_KEY"
131
+ );
132
+ }
133
+ const receiver = new (0, _chunkEROSIHWEjs.Receiver)({
134
+ currentSigningKey,
135
+ nextSigningKey
136
+ });
137
+ return (req) => _chunkEROSIHWEjs.__async.call(void 0, this, null, function* () {
138
+ const reqClone = req.clone();
139
+ const signature = req.headers.get("upstash-signature");
140
+ if (!signature) {
141
+ return new (0, _server.NextResponse)(new TextEncoder().encode("`Upstash-Signature` header is missing"), {
142
+ status: 403
143
+ });
144
+ }
145
+ if (typeof signature !== "string") {
146
+ throw new Error("`Upstash-Signature` header is not a string");
147
+ }
148
+ const body = yield req.text();
149
+ const isValid = yield receiver.verify({
150
+ signature,
151
+ body,
152
+ clockTolerance: config == null ? void 0 : config.clockTolerance
153
+ });
154
+ if (!isValid) {
155
+ return new (0, _server.NextResponse)(new TextEncoder().encode("invalid signature"), { status: 403 });
156
+ }
157
+ return handler(reqClone);
158
+ });
159
+ }
160
+
129
161
 
130
162
 
131
163
 
132
- exports.verifySignature = verifySignature; exports.verifySignatureEdge = verifySignatureEdge;
164
+ exports.verifySignature = verifySignature; exports.verifySignatureAppRouter = verifySignatureAppRouter; exports.verifySignatureEdge = verifySignatureEdge;
package/dist/nextjs.mjs CHANGED
@@ -113,20 +113,52 @@ function verifySignatureEdge(handler, config) {
113
113
  if (!isValid) {
114
114
  return new NextResponse(new TextEncoder().encode("invalid signature"), { status: 403 });
115
115
  }
116
- let parsedBody = void 0;
117
- try {
118
- if (req.headers.get("content-type") === "application/json") {
119
- parsedBody = JSON.parse(body);
120
- } else {
121
- parsedBody = body;
122
- }
123
- } catch (e) {
124
- parsedBody = body;
125
- }
126
116
  return handler(reqClone, nfe);
127
117
  });
128
118
  }
119
+ function verifySignatureAppRouter(handler, config) {
120
+ var _a, _b;
121
+ const currentSigningKey = (_a = config == null ? void 0 : config.currentSigningKey) != null ? _a : process.env.QSTASH_CURRENT_SIGNING_KEY;
122
+ if (!currentSigningKey) {
123
+ throw new Error(
124
+ "currentSigningKey is required, either in the config or as env variable QSTASH_CURRENT_SIGNING_KEY"
125
+ );
126
+ }
127
+ const nextSigningKey = (_b = config == null ? void 0 : config.nextSigningKey) != null ? _b : process.env.QSTASH_NEXT_SIGNING_KEY;
128
+ if (!nextSigningKey) {
129
+ throw new Error(
130
+ "nextSigningKey is required, either in the config or as env variable QSTASH_NEXT_SIGNING_KEY"
131
+ );
132
+ }
133
+ const receiver = new Receiver({
134
+ currentSigningKey,
135
+ nextSigningKey
136
+ });
137
+ return (req) => __async(this, null, function* () {
138
+ const reqClone = req.clone();
139
+ const signature = req.headers.get("upstash-signature");
140
+ if (!signature) {
141
+ return new NextResponse(new TextEncoder().encode("`Upstash-Signature` header is missing"), {
142
+ status: 403
143
+ });
144
+ }
145
+ if (typeof signature !== "string") {
146
+ throw new Error("`Upstash-Signature` header is not a string");
147
+ }
148
+ const body = yield req.text();
149
+ const isValid = yield receiver.verify({
150
+ signature,
151
+ body,
152
+ clockTolerance: config == null ? void 0 : config.clockTolerance
153
+ });
154
+ if (!isValid) {
155
+ return new NextResponse(new TextEncoder().encode("invalid signature"), { status: 403 });
156
+ }
157
+ return handler(reqClone);
158
+ });
159
+ }
129
160
  export {
130
161
  verifySignature,
162
+ verifySignatureAppRouter,
131
163
  verifySignatureEdge
132
164
  };
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@upstash/qstash",
3
- "version": "v2.1.11",
3
+ "version": "v2.2.0",
4
4
  "description": "Official Typescript client for QStash",
5
5
  "repository": {
6
6
  "type": "git",
@@ -26,15 +26,15 @@
26
26
  "dist"
27
27
  ],
28
28
  "devDependencies": {
29
- "@types/crypto-js": "^4.1.1",
29
+ "@biomejs/biome": "^1.3.3",
30
+ "@types/crypto-js": "^4.2.0",
30
31
  "@types/node": "^20.5.7",
31
- "next": "^13.4.19",
32
- "rome": "12.1.3",
32
+ "next": "^14.0.2",
33
33
  "tsup": "^7.2.0",
34
34
  "typescript": "^5.2.2"
35
35
  },
36
36
  "dependencies": {
37
- "crypto-js": "^4.1.1",
37
+ "crypto-js": "^4.2.0",
38
38
  "jose": "^4.14.4"
39
39
  },
40
40
  "typesVersions": {