@workos-inc/node 7.4.0 → 7.5.0-beta.node-compatibility

package/lib/webhooks/webhooks.js

@@ -12,9 +12,15 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.Webhooks = void 0;
 const exceptions_1 = require("../common/exceptions");
 const serializers_1 = require("../common/serializers");
+const crypto_1 = require("../common/crypto");
 class Webhooks {
-    constructor() {
-        this.encoder = new TextEncoder();
+    constructor(subtleCrypto) {
+        if (typeof crypto !== 'undefined' && typeof crypto.subtle !== 'undefined') {
+            this.cryptoProvider = new crypto_1.SubtleCryptoProvider(subtleCrypto);
+        }
+        else {
+            this.cryptoProvider = new crypto_1.NodeCryptoProvider();
+        }
     }
     constructEvent({ payload, sigHeader, secret, tolerance = 180000, }) {
         return __awaiter(this, void 0, void 0, function* () {
@@ -34,7 +40,8 @@ class Webhooks {
                 throw new exceptions_1.SignatureVerificationException('Timestamp outside the tolerance zone');
             }
             const expectedSig = yield this.computeSignature(timestamp, payload, secret);
-            if ((yield this.secureCompare(expectedSig, signatureHash)) === false) {
+            if ((yield this.cryptoProvider.secureCompare(expectedSig, signatureHash)) ===
+                false) {
                 throw new exceptions_1.SignatureVerificationException('Signature hash does not match the expected signature hash for payload');
             }
             return true;
@@ -54,41 +61,8 @@ class Webhooks {
         return __awaiter(this, void 0, void 0, function* () {
             payload = JSON.stringify(payload);
             const signedPayload = `${timestamp}.${payload}`;
-            const key = yield crypto.subtle.importKey('raw', this.encoder.encode(secret), { name: 'HMAC', hash: 'SHA-256' }, false, ['sign']);
-            const signatureBuffer = yield crypto.subtle.sign('HMAC', key, this.encoder.encode(signedPayload));
-            // crypto.subtle returns the signature in base64 format. This must be
-            // encoded in hex to match the CryptoProvider contract. We map each byte in
-            // the buffer to its corresponding hex octet and then combine into a string.
-            const signatureBytes = new Uint8Array(signatureBuffer);
-            const signatureHexCodes = new Array(signatureBytes.length);
-            for (let i = 0; i < signatureBytes.length; i++) {
-                signatureHexCodes[i] = byteHexMapping[signatureBytes[i]];
-            }
-            return signatureHexCodes.join('');
-        });
-    }
-    secureCompare(stringA, stringB) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const bufferA = this.encoder.encode(stringA);
-            const bufferB = this.encoder.encode(stringB);
-            if (bufferA.length !== bufferB.length) {
-                return false;
-            }
-            const algorithm = { name: 'HMAC', hash: 'SHA-256' };
-            const key = (yield crypto.subtle.generateKey(algorithm, false, [
-                'sign',
-                'verify',
-            ]));
-            const hmac = yield crypto.subtle.sign(algorithm, key, bufferA);
-            const equal = yield crypto.subtle.verify(algorithm, key, hmac, bufferB);
-            return equal;
+            return yield this.cryptoProvider.computeHMACSignatureAsync(signedPayload, secret);
         });
     }
 }
 exports.Webhooks = Webhooks;
-// Cached mapping of byte to hex representation. We do this once to avoid re-
-// computing every time we need to convert the result of a signature to hex.
-const byteHexMapping = new Array(256);
-for (let i = 0; i < byteHexMapping.length; i++) {
-    byteHexMapping[i] = i.toString(16).padStart(2, '0');
-}

package/lib/webhooks/webhooks.spec.js

@@ -17,6 +17,7 @@ const workos_1 = require("../workos");
 const webhook_json_1 = __importDefault(require("./fixtures/webhook.json"));
 const workos = new workos_1.WorkOS('sk_test_Sz3IQjepeSWaI4cMS4ms4sMuU');
 const exceptions_1 = require("../common/exceptions");
+const crypto_2 = require("../common/crypto");
 describe('Webhooks', () => {
     let payload;
     let secret;
@@ -187,4 +188,32 @@ describe('Webhooks', () => {
             expect(signature).toEqual(signatureHash);
         }));
     });
+    describe('when in an environment that supports SubtleCrypto', () => {
+        it('automatically uses the subtle crypto library', () => {
+            // tslint:disable-next-line
+            expect(workos.webhooks['cryptoProvider']).toBeInstanceOf(crypto_2.SubtleCryptoProvider);
+        });
+    });
+    describe('CryptoProvider', () => {
+        describe('when computing HMAC signature', () => {
+            it('returns the same for the Node crypto and Web Crypto versions', () => __awaiter(void 0, void 0, void 0, function* () {
+                const nodeCryptoProvider = new crypto_2.NodeCryptoProvider();
+                const subtleCryptoProvider = new crypto_2.SubtleCryptoProvider();
+                const stringifiedPayload = JSON.stringify(payload);
+                const payloadHMAC = `${timestamp}.${stringifiedPayload}`;
+                const nodeCompare = yield nodeCryptoProvider.computeHMACSignatureAsync(payloadHMAC, secret);
+                const subtleCompare = yield subtleCryptoProvider.computeHMACSignatureAsync(payloadHMAC, secret);
+                expect(nodeCompare).toEqual(subtleCompare);
+            }));
+        });
+        describe('when securely comparing', () => {
+            it('returns the same for the Node crypto and Web Crypto versions', () => __awaiter(void 0, void 0, void 0, function* () {
+                const nodeCryptoProvider = new crypto_2.NodeCryptoProvider();
+                const subtleCryptoProvider = new crypto_2.SubtleCryptoProvider();
+                const signature = yield workos.webhooks.computeSignature(timestamp, payload, secret);
+                expect(nodeCryptoProvider.secureCompare(signature, signatureHash)).toEqual(subtleCryptoProvider.secureCompare(signature, signatureHash));
+                expect(nodeCryptoProvider.secureCompare(signature, 'foo')).toEqual(subtleCryptoProvider.secureCompare(signature, 'foo'));
+            }));
+        });
+    });
 });

package/lib/workos.d.ts

@@ -39,5 +39,5 @@ export declare class WorkOS {
     }>;
     delete(path: string, query?: any): Promise<void>;
     emitWarning(warning: string): void;
-    private handleFetchError;
+    private handleHttpError;
 }

package/lib/workos.js

@@ -23,8 +23,8 @@ const mfa_1 = require("./mfa/mfa");
 const audit_logs_1 = require("./audit-logs/audit-logs");
 const user_management_1 = require("./user-management/user-management");
 const bad_request_exception_1 = require("./common/exceptions/bad-request.exception");
-const fetch_client_1 = require("./common/utils/fetch-client");
-const VERSION = '7.4.0';
+const net_1 = require("./common/net");
+const VERSION = '7.5.0';
 const DEFAULT_HOSTNAME = 'api.workos.com';
 class WorkOS {
     constructor(key, options = {}) {
@@ -64,7 +64,7 @@ class WorkOS {
             const { name, version } = options.appInfo;
             userAgent += ` ${name}: ${version}`;
         }
-        this.client = new fetch_client_1.FetchClient(this.baseURL, Object.assign(Object.assign({}, options.config), { headers: Object.assign(Object.assign({}, (_a = options.config) === null || _a === void 0 ? void 0 : _a.headers), { Authorization: `Bearer ${this.key}`, 'User-Agent': userAgent }) }));
+        this.client = (0, net_1.createHttpClient)(this.baseURL, Object.assign(Object.assign({}, options.config), { headers: Object.assign(Object.assign({}, (_a = options.config) === null || _a === void 0 ? void 0 : _a.headers), { Authorization: `Bearer ${this.key}`, 'User-Agent': userAgent }) }), options.fetchFn);
     }
     get version() {
         return VERSION;
@@ -76,13 +76,14 @@ class WorkOS {
                 requestHeaders['Idempotency-Key'] = options.idempotencyKey;
             }
             try {
-                return yield this.client.post(path, entity, {
+                const res = yield this.client.post(path, entity, {
                     params: options.query,
                     headers: requestHeaders,
                 });
+                return { data: yield res.toJSON() };
             }
             catch (error) {
-                this.handleFetchError({ path, error });
+                this.handleHttpError({ path, error });
                 throw error;
             }
         });
@@ -91,15 +92,16 @@ class WorkOS {
         return __awaiter(this, void 0, void 0, function* () {
             try {
                 const { accessToken } = options;
-                return yield this.client.get(path, {
+                const res = yield this.client.get(path, {
                     params: options.query,
                     headers: accessToken
                         ? { Authorization: `Bearer ${accessToken}` }
                         : undefined,
                 });
+                return { data: yield res.toJSON() };
             }
             catch (error) {
-                this.handleFetchError({ path, error });
+                this.handleHttpError({ path, error });
                 throw error;
             }
         });
@@ -111,13 +113,14 @@ class WorkOS {
                 requestHeaders['Idempotency-Key'] = options.idempotencyKey;
             }
             try {
-                return yield this.client.put(path, entity, {
+                const res = yield this.client.put(path, entity, {
                     params: options.query,
                     headers: requestHeaders,
                 });
+                return { data: yield res.toJSON() };
             }
             catch (error) {
-                this.handleFetchError({ path, error });
+                this.handleHttpError({ path, error });
                 throw error;
             }
         });
@@ -130,7 +133,7 @@ class WorkOS {
                 });
             }
             catch (error) {
-                this.handleFetchError({ path, error });
+                this.handleHttpError({ path, error });
                 throw error;
             }
         });
@@ -143,12 +146,15 @@ class WorkOS {
         }
         return process.emitWarning(warning, 'WorkOS');
     }
-    handleFetchError({ path, error }) {
+    handleHttpError({ path, error }) {
         var _a;
+        if (!(error instanceof net_1.HttpClientError)) {
+            throw new Error(`Unexpected error: ${error}`);
+        }
         const { response } = error;
         if (response) {
             const { status, data, headers } = response;
-            const requestID = (_a = headers.get('X-Request-ID')) !== null && _a !== void 0 ? _a : '';
+            const requestID = (_a = headers['X-Request-ID']) !== null && _a !== void 0 ? _a : '';
             const { code, error_description: errorDescription, error, errors, message, } = data;
             switch (status) {
                 case 401: {

package/lib/workos.spec.js

@@ -18,6 +18,7 @@ const promises_1 = __importDefault(require("fs/promises"));
 const exceptions_1 = require("./common/exceptions");
 const workos_1 = require("./workos");
 const rate_limit_exceeded_exception_1 = require("./common/exceptions/rate-limit-exceeded.exception");
+const net_1 = require("./common/net");
 describe('WorkOS', () => {
     beforeEach(() => jest_fetch_mock_1.default.resetMocks());
     describe('constructor', () => {
@@ -95,10 +96,40 @@ describe('WorkOS', () => {
                 });
                 yield workos.post('/somewhere', {});
                 expect((0, test_utils_1.fetchHeaders)()).toMatchObject({
-                    'User-Agent': `workos-node/${packageJson.version} fooApp: 1.0.0`,
+                    'User-Agent': `workos-node/${packageJson.version}/fetch fooApp: 1.0.0`,
                 });
             }));
         });
+        describe('when no `appInfo` option is provided', () => {
+            it('adds the HTTP client name to the user-agent', () => __awaiter(void 0, void 0, void 0, function* () {
+                (0, test_utils_1.fetchOnce)('{}');
+                const packageJson = JSON.parse(yield promises_1.default.readFile('package.json', 'utf8'));
+                const workos = new workos_1.WorkOS('sk_test');
+                yield workos.post('/somewhere', {});
+                expect((0, test_utils_1.fetchHeaders)()).toMatchObject({
+                    'User-Agent': `workos-node/${packageJson.version}/fetch`,
+                });
+            }));
+        });
+        describe('when no `appInfo` option is provided', () => {
+            it('adds the HTTP client name to the user-agent', () => __awaiter(void 0, void 0, void 0, function* () {
+                (0, test_utils_1.fetchOnce)('{}');
+                const packageJson = JSON.parse(yield promises_1.default.readFile('package.json', 'utf8'));
+                const workos = new workos_1.WorkOS('sk_test');
+                yield workos.post('/somewhere', {});
+                expect((0, test_utils_1.fetchHeaders)()).toMatchObject({
+                    'User-Agent': `workos-node/${packageJson.version}/fetch`,
+                });
+            }));
+        });
+        describe('when using an environment that supports fetch', () => {
+            it('automatically uses the fetch HTTP client', () => {
+                const workos = new workos_1.WorkOS('sk_test');
+                // Bracket notation gets past private visibility
+                // tslint:disable-next-line
+                expect(workos['client']).toBeInstanceOf(net_1.FetchHttpClient);
+            });
+        });
     });
     describe('version', () => {
         it('matches the version in `package.json`', () => __awaiter(void 0, void 0, void 0, function* () {
@@ -177,12 +208,34 @@ describe('WorkOS', () => {
             }));
         });
         describe('when the entity is null', () => {
-            it('sends a null body', () => __awaiter(void 0, void 0, void 0, function* () {
+            it('sends an empty string body', () => __awaiter(void 0, void 0, void 0, function* () {
                 (0, test_utils_1.fetchOnce)();
                 const workos = new workos_1.WorkOS('sk_test_Sz3IQjepeSWaI4cMS4ms4sMuU');
                 yield workos.post('/somewhere', null);
-                expect((0, test_utils_1.fetchBody)({ raw: true })).toBeNull();
+                expect((0, test_utils_1.fetchBody)({ raw: true })).toBe('');
             }));
         });
     });
+    describe('when in an environment that does not support fetch', () => {
+        const fetchFn = globalThis.fetch;
+        beforeEach(() => {
+            // @ts-ignore
+            delete globalThis.fetch;
+        });
+        afterEach(() => {
+            globalThis.fetch = fetchFn;
+        });
+        it('automatically uses the node HTTP client', () => {
+            const workos = new workos_1.WorkOS('sk_test_key');
+            // tslint:disable-next-line
+            expect(workos['client']).toBeInstanceOf(net_1.NodeHttpClient);
+        });
+        it('uses a fetch function if provided', () => {
+            const workos = new workos_1.WorkOS('sk_test_key', {
+                fetchFn,
+            });
+            // tslint:disable-next-line
+            expect(workos['client']).toBeInstanceOf(net_1.FetchHttpClient);
+        });
+    });
 });

package/package.json

@@ -1,5 +1,5 @@
 {
-  "version": "7.4.0",
+  "version": "7.5.0-beta.node-compatibility",
   "name": "@workos-inc/node",
   "author": "WorkOS",
   "description": "A Node wrapper for the WorkOS API",
@@ -13,9 +13,8 @@
     "yarn": "1.22.19"
   },
   "engines": {
-    "node": ">=19"
+    "node": ">=16"
   },
-  "engineStrict": true,
   "main": "lib/index.js",
   "typings": "lib/index.d.ts",
   "files": [

package/lib/common/utils/fetch-client.d.ts

@@ -1,31 +0,0 @@
-export declare class FetchClient {
-    readonly baseURL: string;
-    readonly options?: RequestInit | undefined;
-    constructor(baseURL: string, options?: RequestInit | undefined);
-    get(path: string, options: {
-        params?: Record<string, any>;
-        headers?: HeadersInit;
-    }): Promise<{
-        data: any;
-    }>;
-    post<Entity = any>(path: string, entity: Entity, options: {
-        params?: Record<string, any>;
-        headers?: HeadersInit;
-    }): Promise<{
-        data: any;
-    }>;
-    put<Entity = any>(path: string, entity: Entity, options: {
-        params?: Record<string, any>;
-        headers?: HeadersInit;
-    }): Promise<{
-        data: any;
-    }>;
-    delete(path: string, options: {
-        params?: Record<string, any>;
-        headers?: HeadersInit;
-    }): Promise<{
-        data: any;
-    }>;
-    private getResourceURL;
-    private fetch;
-}

package/lib/common/utils/fetch-client.js

@@ -1,108 +0,0 @@
-"use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.FetchClient = void 0;
-const fetch_error_1 = require("./fetch-error");
-class FetchClient {
-    constructor(baseURL, options) {
-        this.baseURL = baseURL;
-        this.options = options;
-    }
-    get(path, options) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const resourceURL = this.getResourceURL(path, options.params);
-            return yield this.fetch(resourceURL, {
-                headers: options.headers,
-            });
-        });
-    }
-    post(path, entity, options) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const resourceURL = this.getResourceURL(path, options.params);
-            return yield this.fetch(resourceURL, {
-                method: 'POST',
-                headers: Object.assign(Object.assign({}, getContentTypeHeader(entity)), options.headers),
-                body: getBody(entity),
-            });
-        });
-    }
-    put(path, entity, options) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const resourceURL = this.getResourceURL(path, options.params);
-            return yield this.fetch(resourceURL, {
-                method: 'PUT',
-                headers: Object.assign(Object.assign({}, getContentTypeHeader(entity)), options.headers),
-                body: getBody(entity),
-            });
-        });
-    }
-    delete(path, options) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const resourceURL = this.getResourceURL(path, options.params);
-            return yield this.fetch(resourceURL, {
-                method: 'DELETE',
-                headers: options.headers,
-            });
-        });
-    }
-    getResourceURL(path, params) {
-        const queryString = getQueryString(params);
-        const url = new URL([path, queryString].filter(Boolean).join('?'), this.baseURL);
-        return url.toString();
-    }
-    fetch(url, options) {
-        var _a;
-        return __awaiter(this, void 0, void 0, function* () {
-            const response = yield fetch(url, Object.assign(Object.assign(Object.assign({}, this.options), options), { headers: Object.assign(Object.assign({ Accept: 'application/json, text/plain, */*', 'Content-Type': 'application/json' }, (_a = this.options) === null || _a === void 0 ? void 0 : _a.headers), options === null || options === void 0 ? void 0 : options.headers) }));
-            if (!response.ok) {
-                throw new fetch_error_1.FetchError({
-                    message: response.statusText,
-                    response: {
-                        status: response.status,
-                        headers: response.headers,
-                        data: yield response.json(),
-                    },
-                });
-            }
-            const contentType = response.headers.get('content-type');
-            const isJsonResponse = contentType === null || contentType === void 0 ? void 0 : contentType.includes('application/json');
-            if (isJsonResponse) {
-                return { data: yield response.json() };
-            }
-            return { data: null };
-        });
-    }
-}
-exports.FetchClient = FetchClient;
-function getQueryString(queryObj) {
-    if (!queryObj)
-        return undefined;
-    const sanitizedQueryObj = {};
-    Object.entries(queryObj).forEach(([param, value]) => {
-        if (value !== '' && value !== undefined)
-            sanitizedQueryObj[param] = value;
-    });
-    return new URLSearchParams(sanitizedQueryObj).toString();
-}
-function getContentTypeHeader(entity) {
-    if (entity instanceof URLSearchParams) {
-        return {
-            'Content-Type': 'application/x-www-form-urlencoded;charset=utf-8',
-        };
-    }
-    return undefined;
-}
-function getBody(entity) {
-    if (entity === null || entity instanceof URLSearchParams) {
-        return entity;
-    }
-    return JSON.stringify(entity);
-}