box-node-sdk 1.36.0 → 1.37.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +13 -2
- package/README.md +1 -1
- package/lib/managers/metadata.js +1 -0
- package/lib/managers/webhooks.js +13 -1
- package/package.json +2 -2
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,16 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## Next Release
|
|
4
|
+
|
|
5
|
+
**New Features and Enhancements:**
|
|
6
|
+
|
|
7
|
+
- Add support for copyInstanceOnItemCopy field for metadata templates ([#572](https://github.com/box/box-node-sdk/pull/572))
|
|
8
|
+
|
|
9
|
+
**Bug Fixes:**
|
|
10
|
+
|
|
11
|
+
- Fix webhook signature validation ([#568](https://github.com/box/box-node-sdk/pull/568))
|
|
12
|
+
- Update dependencies to patch security vulnerabilities ([#578](https://github.com/box/box-node-sdk/pull/578))
|
|
13
|
+
|
|
3
14
|
## 1.36.0 (2020-01-27)
|
|
4
15
|
|
|
5
16
|
**New Features and Enhancements:**
|
|
@@ -163,11 +174,11 @@ to specify a client ID and secret (thanks to @cbetta)
|
|
|
163
174
|
|
|
164
175
|
## 1.16.0 [2018-04-10]
|
|
165
176
|
|
|
166
|
-
- Added support for [assigning Retention Policies to Metadata Templates](https://github.com/box/box-node-sdk/blob/
|
|
177
|
+
- Added support for [assigning Retention Policies to Metadata Templates](https://github.com/box/box-node-sdk/blob/main/docs/retention-policies.md#assign-retention-policy)
|
|
167
178
|
|
|
168
179
|
## 1.15.0 [2018-03-29]
|
|
169
180
|
|
|
170
|
-
- Fixed [`client.webhooks.validateMessage() and `sdk.validateWebhookMessage()`](https://github.com/box/box-node-sdk/blob/
|
|
181
|
+
- Fixed [`client.webhooks.validateMessage() and `sdk.validateWebhookMessage()`](https://github.com/box/box-node-sdk/blob/main/docs/webhooks.md#validate-a-webhook-message)
|
|
171
182
|
to accept the request body as an `Object`
|
|
172
183
|
- Fixed `sdk.configure()` to correct reconfigure all options
|
|
173
184
|
- Improved error messages for API errors and added the request object as `error.request` for easier debugging
|
package/README.md
CHANGED
|
@@ -184,7 +184,7 @@ client.comments.delete('456')
|
|
|
184
184
|
|
|
185
185
|
For complete documentation about the available operations, please see
|
|
186
186
|
the [SDK documentation pages](./docs) and the auto-generated
|
|
187
|
-
[JSDocs](https://rawgit.com/box/box-node-sdk/
|
|
187
|
+
[JSDocs](https://rawgit.com/box/box-node-sdk/main/docs/jsdoc/index.html).
|
|
188
188
|
These contain detailed information about which methods are available and
|
|
189
189
|
how to use them.
|
|
190
190
|
|
package/lib/managers/metadata.js
CHANGED
|
@@ -148,6 +148,7 @@ Metadata.prototype = {
|
|
|
148
148
|
* @param {string} [options.templateKey] - The programmatic key for the template
|
|
149
149
|
* @param {boolean} [options.hidden] - Whether the template should be hidden in the UI
|
|
150
150
|
* @param {string} [options.scope=enterprise] - The scope for the template, only 'enterprise' is supported for now
|
|
151
|
+
* @param {boolean} [options.copyInstanceOnItemCopy] - Whether to include the metadata when a file or folder is copied
|
|
151
152
|
* @param {Function} [callback] - Passed the template if successful, error otherwise
|
|
152
153
|
* @returns {Promise<Object>} A promise resolving to the created template
|
|
153
154
|
*/
|
package/lib/managers/webhooks.js
CHANGED
|
@@ -110,6 +110,17 @@ function validateDeliveryTimestamp(headers, maxMessageAge) {
|
|
|
110
110
|
return true;
|
|
111
111
|
}
|
|
112
112
|
|
|
113
|
+
/**
|
|
114
|
+
* Stringify JSON with escaped multibyte Unicode characters to ensure computed signatures match PHP's default behavior
|
|
115
|
+
*
|
|
116
|
+
* @param {Object} body - The parsed JSON object
|
|
117
|
+
* @returns {string} - Stringified JSON with escaped multibyte Unicode characters
|
|
118
|
+
* @private
|
|
119
|
+
*/
|
|
120
|
+
function jsonStringifyWithEscapedUnicode(body) {
|
|
121
|
+
return JSON.stringify(body).replace(/[\u007f-\uffff]/g, char => `\\u${`0000${char.charCodeAt(0).toString(16)}`.slice(-4)}`);
|
|
122
|
+
}
|
|
123
|
+
|
|
113
124
|
// -----------------------------------------------------------------------------
|
|
114
125
|
// Public
|
|
115
126
|
// -----------------------------------------------------------------------------
|
|
@@ -351,7 +362,8 @@ Webhooks.validateMessage = function(body, headers, primaryKey, secondaryKey, max
|
|
|
351
362
|
// For frameworks like Express that automatically parse JSON
|
|
352
363
|
// bodies into Objects, re-stringify for signature testing
|
|
353
364
|
if (typeof body === 'object') {
|
|
354
|
-
|
|
365
|
+
// Escape forward slashes to ensure a matching signature
|
|
366
|
+
body = jsonStringifyWithEscapedUnicode(body).replace(/\//g, '\\/');
|
|
355
367
|
}
|
|
356
368
|
|
|
357
369
|
if (!validateSignature(body, headers, primaryKey, secondaryKey)) {
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "box-node-sdk",
|
|
3
3
|
"author": "Box <oss@box.com>",
|
|
4
|
-
"version": "1.
|
|
4
|
+
"version": "1.37.0",
|
|
5
5
|
"description": "Official SDK for Box Plaform APIs",
|
|
6
6
|
"license": "Apache-2.0",
|
|
7
7
|
"repository": {
|
|
@@ -59,7 +59,7 @@
|
|
|
59
59
|
"nock": "^9.6.1",
|
|
60
60
|
"np": "^7.2.0",
|
|
61
61
|
"npm-force-resolutions": "0.0.3",
|
|
62
|
-
"npm-upgrade": "^
|
|
62
|
+
"npm-upgrade": "^3.0.0",
|
|
63
63
|
"nyc": "^14.0.0",
|
|
64
64
|
"shelljs": "^0.8.3",
|
|
65
65
|
"shelljs-nodecli": "^0.1.1",
|