lucid-extension-sdk 0.0.148 → 0.0.150
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/core/data/datasource/serializedimporteddatasource.d.ts +0 -1
- package/dataconnector/cryptodependencies.d.ts +11 -0
- package/dataconnector/cryptodependencies.js +2 -0
- package/dataconnector/dataconnectorclient.d.ts +4 -1
- package/dataconnector/dataconnectorclient.js +4 -3
- package/dataconnector/debugserver.js +11 -0
- package/dataconnector/signaturevalidator.d.ts +3 -6
- package/dataconnector/signaturevalidator.js +7 -27
- package/package.json +1 -1
|
@@ -17,7 +17,6 @@ export declare const isSerializedImportedMetadataCollection: (subject: unknown)
|
|
|
17
17
|
/** @ignore until spreadsheet integration is ready for launch (CHART-51946) */
|
|
18
18
|
export interface SerializedImportedCollection {
|
|
19
19
|
'Name': string;
|
|
20
|
-
'Id'?: string;
|
|
21
20
|
'Schema': SerializedSchema;
|
|
22
21
|
'Items': SerializedDataItems;
|
|
23
22
|
'UpstreamConfig': {
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
export declare interface BufferSingleton {
|
|
2
|
+
from(str: string, encoding?: string): unknown;
|
|
3
|
+
}
|
|
4
|
+
export declare interface CryptoModule {
|
|
5
|
+
createPublicKey(key: string): unknown;
|
|
6
|
+
verify(algorithm: string, data: unknown, publicKey: unknown, signature: unknown): boolean;
|
|
7
|
+
}
|
|
8
|
+
export declare type CryptoDependencies = {
|
|
9
|
+
Buffer: BufferSingleton;
|
|
10
|
+
crypto: CryptoModule;
|
|
11
|
+
};
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import { JsonObject } from '../core/jsonserializable';
|
|
2
2
|
import { DataConnectorAction } from './actions/action';
|
|
3
|
+
import { CryptoDependencies } from './cryptodependencies';
|
|
3
4
|
import { DataSourceClient, MockDataSourceClient } from './datasourceclient';
|
|
4
5
|
import { SignatureValidator } from './signaturevalidator';
|
|
5
6
|
/** @ignore */
|
|
@@ -13,13 +14,14 @@ export declare type WebhookValidationSecret = {
|
|
|
13
14
|
* Client for requests to and from Lucid
|
|
14
15
|
*/
|
|
15
16
|
export declare class DataConnectorClient {
|
|
17
|
+
private readonly cryptoDependencies;
|
|
16
18
|
urls: {
|
|
17
19
|
main: string;
|
|
18
20
|
api: string;
|
|
19
21
|
};
|
|
20
22
|
private fetchMethod;
|
|
21
23
|
private cachedPublicKey;
|
|
22
|
-
constructor(urls?: {
|
|
24
|
+
constructor(cryptoDependencies: CryptoDependencies, urls?: {
|
|
23
25
|
main: string;
|
|
24
26
|
api: string;
|
|
25
27
|
}, fetchMethod?: import("./defaultfetchfunction").GlobalFetchType);
|
|
@@ -43,6 +45,7 @@ export declare class DataConnectorClient {
|
|
|
43
45
|
export declare class MockDataConnectorClient extends DataConnectorClient {
|
|
44
46
|
/** set properties on this to modify how data source updates are mocked */
|
|
45
47
|
readonly dataSourceClient: MockDataSourceClient;
|
|
48
|
+
constructor();
|
|
46
49
|
/** @ignore */
|
|
47
50
|
getDataSourceClient(updateToken: string): DataSourceClient;
|
|
48
51
|
/** Mocked version just always returns successful */
|
|
@@ -12,7 +12,8 @@ const LUCID_URLS = { main: 'https://lucid.app/', api: 'https://api.lucid.co/' };
|
|
|
12
12
|
* Client for requests to and from Lucid
|
|
13
13
|
*/
|
|
14
14
|
class DataConnectorClient {
|
|
15
|
-
constructor(urls = LUCID_URLS, fetchMethod = defaultfetchfunction_1.globalFetch) {
|
|
15
|
+
constructor(cryptoDependencies, urls = LUCID_URLS, fetchMethod = defaultfetchfunction_1.globalFetch) {
|
|
16
|
+
this.cryptoDependencies = cryptoDependencies;
|
|
16
17
|
this.urls = urls;
|
|
17
18
|
this.fetchMethod = fetchMethod;
|
|
18
19
|
this.cachedPublicKey = undefined;
|
|
@@ -23,7 +24,7 @@ class DataConnectorClient {
|
|
|
23
24
|
}
|
|
24
25
|
/** Get a validator to prove a given request came from Lucid */
|
|
25
26
|
async getSignatureValidator() {
|
|
26
|
-
return new signaturevalidator_1.SignatureValidator(await this.getPublicKey());
|
|
27
|
+
return new signaturevalidator_1.SignatureValidator(this.cryptoDependencies, await this.getPublicKey());
|
|
27
28
|
}
|
|
28
29
|
/** Get Lucid's public key to verify requests came from Lucid if you don't want to use the SignatureValidator. Maybe
|
|
29
30
|
* you're not running in a NodeJS environment */
|
|
@@ -92,7 +93,7 @@ exports.DataConnectorClient = DataConnectorClient;
|
|
|
92
93
|
/** Use this for writing automated tests for your data connector */
|
|
93
94
|
class MockDataConnectorClient extends DataConnectorClient {
|
|
94
95
|
constructor() {
|
|
95
|
-
super(
|
|
96
|
+
super(undefined);
|
|
96
97
|
/** set properties on this to modify how data source updates are mocked */
|
|
97
98
|
this.dataSourceClient = new datasourceclient_1.MockDataSourceClient();
|
|
98
99
|
}
|
|
@@ -10,6 +10,17 @@ function routeDebugServer(dataConnector, options) {
|
|
|
10
10
|
// We can't use Express's JSON parsing because we need to send the string of the request body
|
|
11
11
|
// directly for the route style flows. Some extensions compute a HMAC of from this data
|
|
12
12
|
app.use(express.raw({ type: () => true }));
|
|
13
|
+
// CORS
|
|
14
|
+
app.use((req, res, next) => {
|
|
15
|
+
var _a, _b;
|
|
16
|
+
if ((_b = (_a = req.headers) === null || _a === void 0 ? void 0 : _a.origin) === null || _b === void 0 ? void 0 : _b.match(/.lucid(dev|staging|preprod|).app$/)) {
|
|
17
|
+
res.header('Access-Control-Allow-Origin', req.headers.origin);
|
|
18
|
+
res.header('Vary', 'Origin');
|
|
19
|
+
res.header('Access-Control-Allow-Methods', 'GET, OPTIONS');
|
|
20
|
+
res.header('Access-Control-Allow-Headers', '*');
|
|
21
|
+
}
|
|
22
|
+
next();
|
|
23
|
+
});
|
|
13
24
|
const prefix = (_b = options.prefix) !== null && _b !== void 0 ? _b : '/';
|
|
14
25
|
console.log(`Routing ${prefix}?kind=action (${Object.keys(dataConnector.actions).join(', ')})`);
|
|
15
26
|
if (dataConnector.routes) {
|
|
@@ -1,16 +1,13 @@
|
|
|
1
|
-
|
|
2
|
-
export declare const signatureValidatorImportedNode: {
|
|
3
|
-
Buffer: any;
|
|
4
|
-
crypto: any;
|
|
5
|
-
};
|
|
1
|
+
import { CryptoDependencies } from './cryptodependencies';
|
|
6
2
|
/**
|
|
7
3
|
* Allows validation that requests originated from Lucid. This class can only be instanciated in a NodeJS environment.
|
|
8
4
|
* Technically any environment that provides NodeJS compatible implementations of `globalThis.Buffer` and
|
|
9
5
|
* `globalThis.require('crypto')` will work.
|
|
10
6
|
*/
|
|
11
7
|
export declare class SignatureValidator {
|
|
8
|
+
private readonly dependencies;
|
|
12
9
|
private readonly publicKey;
|
|
13
|
-
constructor(publicKey: string);
|
|
10
|
+
constructor(dependencies: CryptoDependencies, publicKey: string);
|
|
14
11
|
/**
|
|
15
12
|
* Validate a given request came from Lucid.
|
|
16
13
|
* @param body The body of the request as a plain JavaScript object. This should be JSON.parse called on exactly the
|
|
@@ -1,35 +1,15 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.MockSignatureValidator = exports.SignatureValidator =
|
|
4
|
-
// Don't import these normally, so they're resolved at runtime.
|
|
5
|
-
// This is so the lucid-extension-sdk can be used from a browser.
|
|
6
|
-
// This class only is implemented for NodeJS environments, so
|
|
7
|
-
// it will fail at runtime if you try to instanciate it in a browser.
|
|
8
|
-
// It's also exported and mutable because while this compiles and
|
|
9
|
-
// works in the lambda environment, for some reason it doesn't work
|
|
10
|
-
// in the debug server environment, so from there we import it and
|
|
11
|
-
// patch it up with imports that do work.
|
|
12
|
-
/** @ignore */
|
|
13
|
-
exports.signatureValidatorImportedNode = (() => {
|
|
14
|
-
const Buffer = globalThis['Buffer'];
|
|
15
|
-
const require = globalThis['require'];
|
|
16
|
-
const crypto = require && require('crypto');
|
|
17
|
-
return { 'Buffer': Buffer, 'crypto': crypto };
|
|
18
|
-
})();
|
|
3
|
+
exports.MockSignatureValidator = exports.SignatureValidator = void 0;
|
|
19
4
|
/**
|
|
20
5
|
* Allows validation that requests originated from Lucid. This class can only be instanciated in a NodeJS environment.
|
|
21
6
|
* Technically any environment that provides NodeJS compatible implementations of `globalThis.Buffer` and
|
|
22
7
|
* `globalThis.require('crypto')` will work.
|
|
23
8
|
*/
|
|
24
9
|
class SignatureValidator {
|
|
25
|
-
constructor(publicKey) {
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
}
|
|
29
|
-
if (!exports.signatureValidatorImportedNode['crypto']) {
|
|
30
|
-
throw new Error("Expect `require('crypto')` to be defined");
|
|
31
|
-
}
|
|
32
|
-
this.publicKey = exports.signatureValidatorImportedNode['crypto']['createPublicKey'](publicKey);
|
|
10
|
+
constructor(dependencies, publicKey) {
|
|
11
|
+
this.dependencies = dependencies;
|
|
12
|
+
this.publicKey = dependencies.crypto.createPublicKey(publicKey);
|
|
33
13
|
}
|
|
34
14
|
/**
|
|
35
15
|
* Validate a given request came from Lucid.
|
|
@@ -44,9 +24,9 @@ class SignatureValidator {
|
|
|
44
24
|
const parts = url.split('?');
|
|
45
25
|
const params = parts.length > 0 ? parts[1] : '';
|
|
46
26
|
const nonce = headers['x-lucid-rsa-nonce'];
|
|
47
|
-
const signature =
|
|
48
|
-
const data =
|
|
49
|
-
const verified =
|
|
27
|
+
const signature = this.dependencies.Buffer.from(headers['x-lucid-signature'], 'base64');
|
|
28
|
+
const data = this.dependencies.Buffer.from(JSON.stringify(body) + nonce + params);
|
|
29
|
+
const verified = this.dependencies.crypto.verify('SHA384', data, this.publicKey, signature);
|
|
50
30
|
return verified;
|
|
51
31
|
}
|
|
52
32
|
}
|