@zentto/platform-client 0.2.0 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +49 -1
- package/dist/auth/client.d.ts +10 -0
- package/dist/auth/client.d.ts.map +1 -1
- package/dist/auth/client.js +36 -0
- package/dist/auth/client.js.map +1 -1
- package/dist/cache/client.d.ts +3 -0
- package/dist/cache/client.d.ts.map +1 -1
- package/dist/cache/client.js +3 -0
- package/dist/cache/client.js.map +1 -1
- package/dist/events/client.d.ts +94 -0
- package/dist/events/client.d.ts.map +1 -0
- package/dist/events/client.js +208 -0
- package/dist/events/client.js.map +1 -0
- package/dist/events/envelope.d.ts +28 -0
- package/dist/events/envelope.d.ts.map +1 -0
- package/dist/events/envelope.js +38 -0
- package/dist/events/envelope.js.map +1 -0
- package/dist/events/index.d.ts +3 -0
- package/dist/events/index.d.ts.map +1 -0
- package/dist/events/index.js +3 -0
- package/dist/events/index.js.map +1 -0
- package/dist/index.d.ts +3 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +4 -0
- package/dist/index.js.map +1 -1
- package/dist/internal/circuit.d.ts +33 -0
- package/dist/internal/circuit.d.ts.map +1 -0
- package/dist/internal/circuit.js +73 -0
- package/dist/internal/circuit.js.map +1 -0
- package/dist/internal/errors.d.ts +57 -0
- package/dist/internal/errors.d.ts.map +1 -0
- package/dist/internal/errors.js +96 -0
- package/dist/internal/errors.js.map +1 -0
- package/dist/internal/http.d.ts +29 -9
- package/dist/internal/http.d.ts.map +1 -1
- package/dist/internal/http.js +41 -20
- package/dist/internal/http.js.map +1 -1
- package/dist/notify/client.d.ts +5 -0
- package/dist/notify/client.d.ts.map +1 -1
- package/dist/notify/client.js +13 -0
- package/dist/notify/client.js.map +1 -1
- package/dist/webhooks/index.d.ts +13 -0
- package/dist/webhooks/index.d.ts.map +1 -0
- package/dist/webhooks/index.js +57 -0
- package/dist/webhooks/index.js.map +1 -0
- package/package.json +20 -3
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Helpers para consumir webhooks firmados por Zentto.
|
|
3
|
+
*
|
|
4
|
+
* Cuando Zentto dispara un webhook, incluye el header
|
|
5
|
+
* `X-Zentto-Signature: sha256=<hmac>` donde el HMAC es:
|
|
6
|
+
*
|
|
7
|
+
* hmacSha256(secretHash, rawBody)
|
|
8
|
+
*
|
|
9
|
+
* Nota importante: el firmado se hace con el **secretHash** (lo que Zentto
|
|
10
|
+
* guarda en BD), NO con el secret plain que el admin vio al crear el webhook.
|
|
11
|
+
* El secret plain se mantiene como identificador opaco para la UI del admin;
|
|
12
|
+
* la verificación HMAC usa el hash. Esta nota aplica porque el SDK necesita
|
|
13
|
+
* que el caller sepa cuál usar.
|
|
14
|
+
*
|
|
15
|
+
* Uso típico (Express):
|
|
16
|
+
*
|
|
17
|
+
* app.post("/incoming", bodyParser.raw({ type: "application/json" }), (req, res) => {
|
|
18
|
+
* const sig = req.headers["x-zentto-signature"];
|
|
19
|
+
* const raw = req.body.toString("utf-8");
|
|
20
|
+
* if (!verifySignature(raw, sig, WEBHOOK_SECRET_HASH)) return res.status(401).end();
|
|
21
|
+
* const envelope = JSON.parse(raw);
|
|
22
|
+
* // procesar envelope.eventType, envelope.data, ...
|
|
23
|
+
* });
|
|
24
|
+
*/
|
|
25
|
+
import crypto from "node:crypto";
|
|
26
|
+
/**
|
|
27
|
+
* Verifica que el header `X-Zentto-Signature` matchee el HMAC-SHA256 del
|
|
28
|
+
* body crudo con la clave dada. Usa `timingSafeEqual` para prevenir timing
|
|
29
|
+
* attacks.
|
|
30
|
+
*
|
|
31
|
+
* @param rawBody string UTF-8 del body del POST (NO el parseado JSON).
|
|
32
|
+
* @param signature valor del header X-Zentto-Signature (formato "sha256=<hex>").
|
|
33
|
+
* @param key secret o secretHash según convención del publisher.
|
|
34
|
+
*/
|
|
35
|
+
export function verifySignature(rawBody, signature, key) {
|
|
36
|
+
if (!signature || Array.isArray(signature) || !key)
|
|
37
|
+
return false;
|
|
38
|
+
const match = signature.match(/^sha256=([0-9a-f]{64})$/i);
|
|
39
|
+
if (!match)
|
|
40
|
+
return false;
|
|
41
|
+
const expected = crypto.createHmac("sha256", key).update(rawBody).digest();
|
|
42
|
+
const received = Buffer.from(match[1], "hex");
|
|
43
|
+
if (expected.length !== received.length)
|
|
44
|
+
return false;
|
|
45
|
+
try {
|
|
46
|
+
return crypto.timingSafeEqual(expected, received);
|
|
47
|
+
}
|
|
48
|
+
catch {
|
|
49
|
+
return false;
|
|
50
|
+
}
|
|
51
|
+
}
|
|
52
|
+
/** Firma un body con la misma convención (útil para tests y mocks). */
|
|
53
|
+
export function signBody(rawBody, key) {
|
|
54
|
+
const hmac = crypto.createHmac("sha256", key).update(rawBody).digest("hex");
|
|
55
|
+
return `sha256=${hmac}`;
|
|
56
|
+
}
|
|
57
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/webhooks/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,OAAO,MAAM,MAAM,aAAa,CAAC;AAEjC;;;;;;;;GAQG;AACH,MAAM,UAAU,eAAe,CAC7B,OAAe,EACf,SAAwC,EACxC,GAAW;IAEX,IAAI,CAAC,SAAS,IAAI,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG;QAAE,OAAO,KAAK,CAAC;IACjE,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;IAC1D,IAAI,CAAC,KAAK;QAAE,OAAO,KAAK,CAAC;IACzB,MAAM,QAAQ,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,CAAC;IAC3E,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IAC9C,IAAI,QAAQ,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACtD,IAAI,CAAC;QACH,OAAO,MAAM,CAAC,eAAe,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACpD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,uEAAuE;AACvE,MAAM,UAAU,QAAQ,CAAC,OAAe,EAAE,GAAW;IACnD,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC5E,OAAO,UAAU,IAAI,EAAE,CAAC;AAC1B,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@zentto/platform-client",
|
|
3
|
-
"version": "0.
|
|
4
|
-
"description": "Cliente tipado para los servicios de plataforma Zentto (notify, cache,
|
|
3
|
+
"version": "0.4.0",
|
|
4
|
+
"description": "Cliente tipado para los servicios de plataforma Zentto (notify, auth, cache, landing, events, webhooks). Uso oficial en ERP, verticals y sitios de tenants clientes.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/index.js",
|
|
7
7
|
"types": "dist/index.d.ts",
|
|
@@ -25,8 +25,22 @@
|
|
|
25
25
|
"./landing": {
|
|
26
26
|
"types": "./dist/landing/index.d.ts",
|
|
27
27
|
"import": "./dist/landing/index.js"
|
|
28
|
+
},
|
|
29
|
+
"./events": {
|
|
30
|
+
"types": "./dist/events/index.d.ts",
|
|
31
|
+
"import": "./dist/events/index.js"
|
|
32
|
+
},
|
|
33
|
+
"./webhooks": {
|
|
34
|
+
"types": "./dist/webhooks/index.d.ts",
|
|
35
|
+
"import": "./dist/webhooks/index.js"
|
|
28
36
|
}
|
|
29
37
|
},
|
|
38
|
+
"peerDependenciesMeta": {
|
|
39
|
+
"kafkajs": { "optional": true }
|
|
40
|
+
},
|
|
41
|
+
"peerDependencies": {
|
|
42
|
+
"kafkajs": "^2.2.4"
|
|
43
|
+
},
|
|
30
44
|
"files": [
|
|
31
45
|
"dist",
|
|
32
46
|
"README.md",
|
|
@@ -35,6 +49,8 @@
|
|
|
35
49
|
"scripts": {
|
|
36
50
|
"build": "tsc",
|
|
37
51
|
"dev": "tsc --watch",
|
|
52
|
+
"test": "vitest run",
|
|
53
|
+
"test:watch": "vitest",
|
|
38
54
|
"clean": "rm -rf dist",
|
|
39
55
|
"prepublishOnly": "npm run clean && npm run build"
|
|
40
56
|
},
|
|
@@ -59,7 +75,8 @@
|
|
|
59
75
|
},
|
|
60
76
|
"devDependencies": {
|
|
61
77
|
"@types/node": "^25.6.0",
|
|
62
|
-
"typescript": "^5.7.0"
|
|
78
|
+
"typescript": "^5.7.0",
|
|
79
|
+
"vitest": "^3.2.4"
|
|
63
80
|
},
|
|
64
81
|
"engines": {
|
|
65
82
|
"node": ">=20"
|