@upstash/qstash 2.8.3 → 2.9.0-rc

package/nextjs.mjs

@@ -1,21 +1,16 @@
 import {
   Receiver,
   serve
-} from "./chunk-CR3B3DK3.mjs";
+} from "./chunk-WOMVRJIB.mjs";
 
 // platforms/nextjs.ts
 var BAD_REQUEST = 400;
 function verifySignature(handler, config) {
   const currentSigningKey = config?.currentSigningKey ?? process.env.QSTASH_CURRENT_SIGNING_KEY;
-  if (!currentSigningKey) {
-    throw new Error(
-      "currentSigningKey is required, either in the config or as env variable QSTASH_CURRENT_SIGNING_KEY"
-    );
-  }
   const nextSigningKey = config?.nextSigningKey ?? process.env.QSTASH_NEXT_SIGNING_KEY;
-  if (!nextSigningKey) {
+  if (!currentSigningKey && !nextSigningKey && !process.env.QSTASH_REGION) {
     throw new Error(
-      "nextSigningKey is required, either in the config or as env variable QSTASH_NEXT_SIGNING_KEY"
+      "currentSigningKey and nextSigningKey are required, either in the config or as env variables (QSTASH_CURRENT_SIGNING_KEY and QSTASH_NEXT_SIGNING_KEY)"
     );
   }
   const receiver = new Receiver({
@@ -33,6 +28,7 @@ function verifySignature(handler, config) {
     if (typeof signature !== "string") {
       throw new TypeError("`Upstash-Signature` header is not a string");
     }
+    const upstashRegion = request.headers["upstash-region"];
     const chunks = [];
     for await (const chunk of request) {
       chunks.push(typeof chunk === "string" ? Buffer.from(chunk) : chunk);
@@ -41,7 +37,8 @@ function verifySignature(handler, config) {
     const isValid = await receiver.verify({
       signature,
       body,
-      clockTolerance: config?.clockTolerance
+      clockTolerance: config?.clockTolerance,
+      upstashRegion: typeof upstashRegion === "string" ? upstashRegion : void 0
     });
     if (!isValid) {
       response.status(BAD_REQUEST);
@@ -59,15 +56,10 @@ function verifySignature(handler, config) {
 }
 function verifySignatureEdge(handler, config) {
   const currentSigningKey = config?.currentSigningKey ?? process.env.QSTASH_CURRENT_SIGNING_KEY;
-  if (!currentSigningKey) {
-    throw new Error(
-      "currentSigningKey is required, either in the config or as env variable QSTASH_CURRENT_SIGNING_KEY"
-    );
-  }
   const nextSigningKey = config?.nextSigningKey ?? process.env.QSTASH_NEXT_SIGNING_KEY;
-  if (!nextSigningKey) {
+  if (!currentSigningKey && !nextSigningKey && !process.env.QSTASH_REGION) {
     throw new Error(
-      "nextSigningKey is required, either in the config or as env variable QSTASH_NEXT_SIGNING_KEY"
+      "currentSigningKey and nextSigningKey are required, either in the config or as env variables (QSTASH_CURRENT_SIGNING_KEY and QSTASH_NEXT_SIGNING_KEY)"
     );
   }
   const receiver = new Receiver({
@@ -85,11 +77,13 @@ function verifySignatureEdge(handler, config) {
     if (typeof signature !== "string") {
       throw new TypeError("`Upstash-Signature` header is not a string");
     }
+    const upstashRegion = request.headers.get("upstash-region");
     const body = await requestClone.text();
     const isValid = await receiver.verify({
       signature,
       body,
-      clockTolerance: config?.clockTolerance
+      clockTolerance: config?.clockTolerance,
+      upstashRegion: upstashRegion ?? void 0
     });
     if (!isValid) {
       return new Response(new TextEncoder().encode("invalid signature"), { status: 403 });
@@ -99,15 +93,10 @@ function verifySignatureEdge(handler, config) {
 }
 function verifySignatureAppRouter(handler, config) {
   const currentSigningKey = config?.currentSigningKey ?? process.env.QSTASH_CURRENT_SIGNING_KEY;
-  if (!currentSigningKey) {
-    throw new Error(
-      "currentSigningKey is required, either in the config or as env variable QSTASH_CURRENT_SIGNING_KEY"
-    );
-  }
   const nextSigningKey = config?.nextSigningKey ?? process.env.QSTASH_NEXT_SIGNING_KEY;
-  if (!nextSigningKey) {
+  if (!currentSigningKey && !nextSigningKey && !process.env.QSTASH_REGION) {
     throw new Error(
-      "nextSigningKey is required, either in the config or as env variable QSTASH_NEXT_SIGNING_KEY"
+      "currentSigningKey and nextSigningKey are required, either in the config or as env variables (QSTASH_CURRENT_SIGNING_KEY and QSTASH_NEXT_SIGNING_KEY)"
     );
   }
   const receiver = new Receiver({
@@ -125,11 +114,13 @@ function verifySignatureAppRouter(handler, config) {
     if (typeof signature !== "string") {
       throw new TypeError("`Upstash-Signature` header is not a string");
     }
+    const upstashRegion = request.headers.get("upstash-region");
     const body = await requestClone.text();
     const isValid = await receiver.verify({
       signature,
       body,
-      clockTolerance: config?.clockTolerance
+      clockTolerance: config?.clockTolerance,
+      upstashRegion: upstashRegion ?? void 0
     });
     if (!isValid) {
       return new Response(new TextEncoder().encode("invalid signature"), { status: 403 });

package/nuxt.js

@@ -360,6 +360,93 @@ var H3Response = globalThis.Response;
 // src/receiver.ts
 var jose = __toESM(require("jose"));
 var import_crypto_js = __toESM(require("crypto-js"));
+
+// src/client/utils.ts
+function getSafeEnvironment() {
+  return typeof process === "undefined" ? {} : process.env;
+}
+
+// src/client/multi-region/utils.ts
+var VALID_REGIONS = ["EU_CENTRAL_1", "US_EAST_1"];
+var getRegionFromEnvironment = (environment) => {
+  const region = environment.QSTASH_REGION;
+  return normalizeRegionHeader(region);
+};
+function readEnvironmentVariables(environmentVariables, environment, region) {
+  const result = {};
+  for (const variable of environmentVariables) {
+    const key = region ? `${region}_${variable}` : variable;
+    result[variable] = environment[key];
+  }
+  return result;
+}
+function readReceiverEnvironmentVariables(environment, region) {
+  return readEnvironmentVariables(
+    ["QSTASH_CURRENT_SIGNING_KEY", "QSTASH_NEXT_SIGNING_KEY"],
+    environment,
+    region
+  );
+}
+function normalizeRegionHeader(region) {
+  if (!region) {
+    return void 0;
+  }
+  region = region.replaceAll("-", "_").toUpperCase();
+  if (VALID_REGIONS.includes(region)) {
+    return region;
+  }
+  console.warn(
+    `[Upstash QStash] Invalid UPSTASH_REGION header value: "${region}". Expected one of: ${VALID_REGIONS.join(
+      ", "
+    )}.`
+  );
+  return void 0;
+}
+
+// src/client/multi-region/incoming.ts
+var getReceiverSigningKeys = ({
+  environment,
+  regionFromHeader,
+  config
+}) => {
+  if (config?.currentSigningKey && config.nextSigningKey) {
+    return {
+      currentSigningKey: config.currentSigningKey,
+      nextSigningKey: config.nextSigningKey
+    };
+  }
+  const regionEnvironment = getRegionFromEnvironment(environment);
+  if (regionEnvironment) {
+    const regionHeader = normalizeRegionHeader(regionFromHeader);
+    if (regionHeader) {
+      const regionCreds = readReceiverEnvironmentVariables(environment, regionHeader);
+      if (regionCreds.QSTASH_CURRENT_SIGNING_KEY && regionCreds.QSTASH_NEXT_SIGNING_KEY) {
+        return {
+          currentSigningKey: regionCreds.QSTASH_CURRENT_SIGNING_KEY,
+          nextSigningKey: regionCreds.QSTASH_NEXT_SIGNING_KEY,
+          region: regionHeader
+        };
+      } else {
+        console.warn(
+          `[Upstash QStash] Signing keys not found for region "${regionHeader}". Falling back to default signing keys.`
+        );
+      }
+    } else {
+      console.warn(
+        `[Upstash QStash] Invalid UPSTASH_REGION header value: "${regionFromHeader}". Expected one of: EU-CENTRAL-1, US-EAST-1. Falling back to default signing keys.`
+      );
+    }
+  }
+  const defaultCreds = readReceiverEnvironmentVariables(environment);
+  if (defaultCreds.QSTASH_CURRENT_SIGNING_KEY && defaultCreds.QSTASH_NEXT_SIGNING_KEY) {
+    return {
+      currentSigningKey: defaultCreds.QSTASH_CURRENT_SIGNING_KEY,
+      nextSigningKey: defaultCreds.QSTASH_NEXT_SIGNING_KEY
+    };
+  }
+};
+
+// src/receiver.ts
 var SignatureError = class extends Error {
   constructor(message) {
     super(message);
@@ -370,8 +457,8 @@ var Receiver = class {
   currentSigningKey;
   nextSigningKey;
   constructor(config) {
-    this.currentSigningKey = config.currentSigningKey;
-    this.nextSigningKey = config.nextSigningKey;
+    this.currentSigningKey = config?.currentSigningKey;
+    this.nextSigningKey = config?.nextSigningKey;
   }
   /**
    * Verify the signature of a request.
@@ -383,11 +470,25 @@ var Receiver = class {
    * If that fails, the signature is invalid and a `SignatureError` is thrown.
    */
   async verify(request) {
+    const environment = getSafeEnvironment();
+    const signingKeys = getReceiverSigningKeys({
+      environment,
+      regionFromHeader: request.upstashRegion,
+      config: {
+        currentSigningKey: this.currentSigningKey,
+        nextSigningKey: this.nextSigningKey
+      }
+    });
+    if (!signingKeys) {
+      throw new Error(
+        "[Upstash QStash] No signing keys available for verification. See the warning above for more details."
+      );
+    }
     let payload;
     try {
-      payload = await this.verifyWithKey(this.currentSigningKey, request);
+      payload = await this.verifyWithKey(signingKeys.currentSigningKey, request);
     } catch {
-      payload = await this.verifyWithKey(this.nextSigningKey, request);
+      payload = await this.verifyWithKey(signingKeys.nextSigningKey, request);
     }
     this.verifyBodyAndUrl(payload, request);
     return true;
@@ -429,15 +530,10 @@ var import_neverthrow3 = require("neverthrow");
 // platforms/h3.ts
 var verifySignatureH3 = (handler, config) => {
   const currentSigningKey = config?.currentSigningKey ?? process.env.QSTASH_CURRENT_SIGNING_KEY;
-  if (!currentSigningKey) {
-    throw new Error(
-      "currentSigningKey is required, either in the config or as env variable QSTASH_CURRENT_SIGNING_KEY"
-    );
-  }
   const nextSigningKey = config?.nextSigningKey ?? process.env.QSTASH_NEXT_SIGNING_KEY;
-  if (!nextSigningKey) {
+  if (!currentSigningKey && !nextSigningKey && !process.env.QSTASH_REGION) {
     throw new Error(
-      "nextSigningKey is required, either in the config or as env variable QSTASH_NEXT_SIGNING_KEY"
+      "currentSigningKey and nextSigningKey are required, either in the config or as env variables (QSTASH_CURRENT_SIGNING_KEY and QSTASH_NEXT_SIGNING_KEY)"
     );
   }
   const receiver = new Receiver({
@@ -452,11 +548,13 @@ var verifySignatureH3 = (handler, config) => {
     if (typeof signature !== "string") {
       throw new TypeError("`Upstash-Signature` header is not a string");
     }
+    const upstashRegion = getHeader(event, "upstash-region");
     const body = await readRawBody(event);
     const isValid = await receiver.verify({
       signature,
       body: JSON.stringify(body),
-      clockTolerance: config?.clockTolerance
+      clockTolerance: config?.clockTolerance,
+      upstashRegion: typeof upstashRegion === "string" ? upstashRegion : void 0
     });
     if (!isValid) {
       return { status: 403, body: "invalid signature" };

package/nuxt.mjs

@@ -1,8 +1,8 @@
 import {
   verifySignatureH3
-} from "./chunk-TLUU4FA7.mjs";
-import "./chunk-5ACKA46J.mjs";
-import "./chunk-CR3B3DK3.mjs";
+} from "./chunk-PB5UCB6Z.mjs";
+import "./chunk-NU64UBMT.mjs";
+import "./chunk-WOMVRJIB.mjs";
 
 // platforms/nuxt.ts
 var verifySignatureNuxt = verifySignatureH3;

package/package.json

@@ -1 +1 @@
-{"version":"v2.8.3","name":"@upstash/qstash","description":"Official Typescript client for QStash","author":"Andreas Thomas <dev@chronark.com>","license":"MIT","homepage":"https://github.com/upstash/sdk-qstash-ts#readme","repository":{"type":"git","url":"git+https://github.com/upstash/sdk-qstash-ts.git"},"bugs":{"url":"https://github.com/upstash/sdk-qstash-ts/issues"},"main":"./index.js","module":"./index.mjs","types":"./index.d.ts","files":["./*"],"exports":{".":{"import":"./index.mjs","require":"./index.js"},"./dist/nextjs":{"import":"./nextjs.mjs","require":"./nextjs.js"},"./nextjs":{"import":"./nextjs.mjs","require":"./nextjs.js"},"./h3":{"import":"./h3.mjs","require":"./h3.js"},"./nuxt":{"import":"./nuxt.mjs","require":"./nuxt.js"},"./svelte":{"import":"./svelte.mjs","require":"./svelte.js"},"./solidjs":{"import":"./solidjs.mjs","require":"./solidjs.js"},"./workflow":{"import":"./workflow.mjs","require":"./workflow.js"},"./hono":{"import":"./hono.mjs","require":"./hono.js"},"./cloudflare":{"import":"./cloudflare.mjs","require":"./cloudflare.js"}},"keywords":["qstash","queue","events","serverless","upstash"],"scripts":{"build":"tsup && cp README.md ./dist/ && cp package.json ./dist/ && cp LICENSE ./dist/","test":"bun test src","fmt":"prettier --write .","lint":"tsc && eslint \"{src,platforms}/**/*.{js,ts,tsx}\" --quiet --fix","check-exports":"bun run build && cd dist && attw -P"},"devDependencies":{"@commitlint/cli":"^19.2.2","@commitlint/config-conventional":"^19.2.2","@eslint/eslintrc":"^3.1.0","@eslint/js":"^9.10.0","@solidjs/start":"^1.0.6","@sveltejs/kit":"^2.5.18","@types/bun":"^1.1.1","@types/crypto-js":"^4.2.0","@typescript-eslint/eslint-plugin":"^8.4.0","@typescript-eslint/parser":"^8.4.0","ai":"^3.1.28","bun-types":"^1.1.7","eslint":"^9.10.0","eslint-plugin-unicorn":"^51.0.1","h3":"^1.12.0","hono":"^4.5.8","husky":"^9.0.10","next":"^14.0.2","prettier":"^3.2.5","tsup":"latest","typescript":"^5.4.5","undici-types":"^6.16.0","vitest":"latest"},"dependencies":{"crypto-js":">=4.2.0","jose":"^5.2.3","neverthrow":"^7.0.1"}}
+{"version":"v2.9.0-rc","name":"@upstash/qstash","description":"Official Typescript client for QStash","author":"Andreas Thomas <dev@chronark.com>","license":"MIT","homepage":"https://github.com/upstash/sdk-qstash-ts#readme","repository":{"type":"git","url":"git+https://github.com/upstash/sdk-qstash-ts.git"},"bugs":{"url":"https://github.com/upstash/sdk-qstash-ts/issues"},"main":"./index.js","module":"./index.mjs","types":"./index.d.ts","files":["./*"],"exports":{".":{"import":"./index.mjs","require":"./index.js"},"./dist/nextjs":{"import":"./nextjs.mjs","require":"./nextjs.js"},"./nextjs":{"import":"./nextjs.mjs","require":"./nextjs.js"},"./h3":{"import":"./h3.mjs","require":"./h3.js"},"./nuxt":{"import":"./nuxt.mjs","require":"./nuxt.js"},"./svelte":{"import":"./svelte.mjs","require":"./svelte.js"},"./solidjs":{"import":"./solidjs.mjs","require":"./solidjs.js"},"./workflow":{"import":"./workflow.mjs","require":"./workflow.js"},"./hono":{"import":"./hono.mjs","require":"./hono.js"},"./cloudflare":{"import":"./cloudflare.mjs","require":"./cloudflare.js"}},"keywords":["qstash","queue","events","serverless","upstash"],"scripts":{"build":"tsup && cp README.md ./dist/ && cp package.json ./dist/ && cp LICENSE ./dist/","test":"bun test src","fmt":"prettier --write .","lint":"tsc && eslint \"{src,platforms}/**/*.{js,ts,tsx}\" --quiet --fix","check-exports":"bun run build && cd dist && attw -P"},"devDependencies":{"@commitlint/cli":"^19.2.2","@commitlint/config-conventional":"^19.2.2","@eslint/eslintrc":"^3.1.0","@eslint/js":"^9.10.0","@solidjs/start":"^1.0.6","@sveltejs/kit":"^2.5.18","@types/bun":"^1.1.1","@types/crypto-js":"^4.2.0","@typescript-eslint/eslint-plugin":"^8.4.0","@typescript-eslint/parser":"^8.4.0","bun-types":"^1.1.7","eslint":"^9.10.0","eslint-plugin-unicorn":"^51.0.1","h3":"^1.12.0","hono":"^4.5.8","husky":"^9.0.10","next":"^14.0.2","prettier":"^3.2.5","tsup":"latest","typescript":"^5.4.5","undici-types":"^6.16.0","vitest":"latest"},"dependencies":{"crypto-js":">=4.2.0","jose":"^5.2.3","neverthrow":"^7.0.1"}}

package/solidjs.d.mts

@@ -1,5 +1,5 @@
 import { APIHandler, APIEvent } from '@solidjs/start/server';
-import { a9 as RouteFunction, aa as WorkflowServeOptions } from './client-BpQp_dGA.mjs';
+import { a9 as RouteFunction, aa as WorkflowServeOptions } from './client-BVG9vt90.mjs';
 import 'neverthrow';
 
 type VerifySignatureConfig = {

package/solidjs.d.ts

@@ -1,5 +1,5 @@
 import { APIHandler, APIEvent } from '@solidjs/start/server';
-import { a9 as RouteFunction, aa as WorkflowServeOptions } from './client-BpQp_dGA.js';
+import { a9 as RouteFunction, aa as WorkflowServeOptions } from './client-BVG9vt90.js';
 import 'neverthrow';
 
 type VerifySignatureConfig = {