crisp-api 7.0.0 → 7.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +6 -0
- package/lib/crisp.js +50 -22
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
package/lib/crisp.js
CHANGED
|
@@ -524,33 +524,27 @@ Crisp.prototype = {
|
|
|
524
524
|
*/
|
|
525
525
|
verifyHook : function(secret, body, timestamp, signature) {
|
|
526
526
|
if (this._loopback) {
|
|
527
|
-
|
|
528
|
-
if (!secret || !signature || !body || typeof body !== "object" ||
|
|
529
|
-
!timestamp || isNaN(timestamp) === true) {
|
|
530
|
-
return false;
|
|
531
|
-
}
|
|
532
|
-
|
|
533
|
-
// Compute local trace
|
|
534
|
-
var localTrace = ("[" + timestamp + ";" + JSON.stringify(body) + "]");
|
|
535
|
-
|
|
536
|
-
// Create local HMAC
|
|
537
|
-
var localMac = Crypto.createHmac("sha256", secret);
|
|
538
|
-
|
|
539
|
-
localMac.update(localTrace);
|
|
540
|
-
|
|
541
|
-
// Compute local signature, and compare
|
|
542
|
-
var localSignature = localMac.digest("hex");
|
|
543
|
-
|
|
544
|
-
return (
|
|
545
|
-
(signature === localSignature) ? true : false
|
|
546
|
-
);
|
|
527
|
+
return this._verifySignature(secret, body, timestamp, signature);
|
|
547
528
|
}
|
|
548
529
|
|
|
549
|
-
// Default: not verified (
|
|
550
|
-
// bound)
|
|
530
|
+
// Default: not verified (loopback not /yet?/ bound)
|
|
551
531
|
return false;
|
|
552
532
|
},
|
|
553
533
|
|
|
534
|
+
/**
|
|
535
|
+
* Verifies an event string and checks that signatures match (used for \
|
|
536
|
+
* Widgets)
|
|
537
|
+
* @memberof Crisp
|
|
538
|
+
* @method verifyWidget
|
|
539
|
+
* @param {string} secret
|
|
540
|
+
* @param {object} body
|
|
541
|
+
* @param {string} timestamp
|
|
542
|
+
* @param {string} signature
|
|
543
|
+
*/
|
|
544
|
+
verifyWidget : function(secret, body, timestamp, signature) {
|
|
545
|
+
return this._verifySignature(secret, body, timestamp, signature);
|
|
546
|
+
},
|
|
547
|
+
|
|
554
548
|
/**
|
|
555
549
|
* Rebinds socket events (used for WebSockets)
|
|
556
550
|
* @memberof Crisp
|
|
@@ -1001,6 +995,40 @@ Crisp.prototype = {
|
|
|
1001
995
|
// Other methods must hold a response body, therefore we can fallback on \
|
|
1002
996
|
// an HTTP error if we fail to acquire any reason at all.
|
|
1003
997
|
return ((response.body || {}).reason || "http_error");
|
|
998
|
+
},
|
|
999
|
+
|
|
1000
|
+
/**
|
|
1001
|
+
* Verifies an event string and checks that signatures match (used for Web \
|
|
1002
|
+
* Hooks, Widgets)
|
|
1003
|
+
* @memberof Crisp
|
|
1004
|
+
* @private
|
|
1005
|
+
* @method verifyHook
|
|
1006
|
+
* @param {string} secret
|
|
1007
|
+
* @param {object} body
|
|
1008
|
+
* @param {string} timestamp
|
|
1009
|
+
* @param {string} signature
|
|
1010
|
+
*/
|
|
1011
|
+
_verifySignature : function(secret, body, timestamp, signature) {
|
|
1012
|
+
// Ensure all provided data is valid
|
|
1013
|
+
if (!secret || !signature || !body || typeof body !== "object" ||
|
|
1014
|
+
!timestamp || isNaN(timestamp) === true) {
|
|
1015
|
+
return false;
|
|
1016
|
+
}
|
|
1017
|
+
|
|
1018
|
+
// Compute local trace
|
|
1019
|
+
var localTrace = ("[" + timestamp + ";" + JSON.stringify(body) + "]");
|
|
1020
|
+
|
|
1021
|
+
// Create local HMAC
|
|
1022
|
+
var localMac = Crypto.createHmac("sha256", secret);
|
|
1023
|
+
|
|
1024
|
+
localMac.update(localTrace);
|
|
1025
|
+
|
|
1026
|
+
// Compute local signature, and compare
|
|
1027
|
+
var localSignature = localMac.digest("hex");
|
|
1028
|
+
|
|
1029
|
+
return (
|
|
1030
|
+
(signature === localSignature) ? true : false
|
|
1031
|
+
);
|
|
1004
1032
|
}
|
|
1005
1033
|
};
|
|
1006
1034
|
|
package/package.json
CHANGED