npm - next-sanity - Versions diffs - 9.0.10 → 9.0.11 - Mend

next-sanity 9.0.10 → 9.0.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/webhook.cjs CHANGED Viewed

	@@ -1 +1 @@
1	- "use strict";Object.defineProperty(exports,"__esModule",{value:!0});~~var~~ e=~~require~~("@sanity/webhook");exports.parseBody=async function(r,t,i=!0){const a=r.headers.get(~~e.SIGNATURE_HEADER_NAME~~);if(!a)return console.error("Missing signature header"),{body:null,isValidSignature:null};const s=await r.text(),n=t?await e.~~isValidSignature~~(s,a,t.trim()):null;return!1!==n&&i&&await new Promise((e=>setTimeout(e,3e3))),{body:s.trim()?JSON.parse(s):null,isValidSignature:n}};//# sourceMappingURL=webhook.cjs.map
1	+ "use strict";var e=Object.defineProperty,t=(t,r,n)=>(((t,r,n)=>{r in t?e(t,r,{enumerable:!0,configurable:!0,writable:!0,value:n}):t[r]=n})(t,"symbol"!=typeof r?r+"":r,n),n);Object.defineProperty(exports,"__esModule",{value:!0});class r extends Error{constructor(){super(...arguments),t(this,"type","WebhookSignatureValueError"),t(this,"statusCode",401)}}class n extends Error{constructor(){super(...arguments),t(this,"type","WebhookSignatureFormatError"),t(this,"statusCode",400)}}const o=16094592e5,a=/^t=(\d+)[, ]+v1=([^, ]+)$/;async function i(e,t,i){const{timestamp:s}=function(e){if(!e)throw new n("Missing or empty signature header");const[,t,r]=e.trim().match(a)\|\|[];if(!t\|\|!r)throw new n("Invalid signature payload format");return{timestamp:parseInt(t,10),hashedPayload:r}}(t),u=await async function(e,t,r){const a=await async function(e,t,r){if(typeof crypto>"u")throw new TypeError("The Web Crypto API is not available in this environment, either polyfill `globalThis.crypto` or downgrade to `@sanity/webhook@3` which uses the Node.js `crypto` module.");if(!r\|\|"string"!=typeof r)throw new n("Invalid secret provided");if(!e)throw new n("Can not create signature for empty payload");if("string"!=typeof e)throw new n("Payload must be a JSON-encoded string");if("number"!=typeof t\|\|isNaN(t)\|\|t<o)throw new n("Invalid signature timestamp, must be a unix timestamp with millisecond precision");const a=new TextEncoder,i=await crypto.subtle.importKey("raw",a.encode(r),{name:"HMAC",hash:"SHA-256"},!1,["sign"]),s=`${t}.${e}`,u=await crypto.subtle.sign("HMAC",i,a.encode(s)),c=Array.from(new Uint8Array(u));return btoa(String.fromCharCode.apply(null,c)).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}(e,t,r);return`t=${t},v1=${a}`}(e,s,i);if(t!==u)throw new r("Signature is invalid")}exports.parseBody=async function(e,t,r=!0){const n=e.headers.get("sanity-webhook-signature");if(!n)return console.error("Missing signature header"),{body:null,isValidSignature:null};const o=await e.text(),a=t?await async function(e,t,r){try{return await i(e,t,r),!0}catch(e){if("object"==typeof(n=e)&&null!==n&&"type"in n&&["WebhookSignatureValueError","WebhookSignatureFormatError"].includes(n.type))return!1;throw e}var n}(o,n,t.trim()):null;return!1!==a&&r&&await new Promise((e=>setTimeout(e,3e3))),{body:o.trim()?JSON.parse(o):null,isValidSignature:a}};//# sourceMappingURL=webhook.cjs.map

package/dist/webhook.cjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"webhook.cjs","sources":["../src/webhook/index.ts"],"sourcesContent":["import type {SanityDocument} from '@sanity/types'\nimport {isValidSignature, SIGNATURE_HEADER_NAME} from '@sanity/webhook'\nimport type {NextRequest} from 'next/server'\n\n/** @public /\nexport type ParsedBody<T> = {\n /\n If a secret is given then it returns a boolean. If no secret is provided then no validation is done on the signature, and it'll return `null`\n /\n isValidSignature: boolean \| null\n body: T \| null\n}\n\n/\n Handles parsing the body JSON, and validating its signature. Also waits for Content Lake eventual consistency so you can run your queries\n * without worrying about getting stale data.\n * @public\n */\nexport async function parseBody<Body = SanityDocument>(\n req: NextRequest,\n secret?: string,\n waitForContentLakeEventualConsistency = true,\n): Promise<ParsedBody<Body>> {\n const signature = req.headers.get(SIGNATURE_HEADER_NAME)\n if (!signature) {\n console.error('Missing signature header')\n return {body: null, isValidSignature: null}\n }\n\n const body = await req.text()\n const validSignature = secret ? await isValidSignature(body, signature, secret.trim()) : null\n\n if (validSignature !== false && waitForContentLakeEventualConsistency) {\n await new Promise((resolve) => setTimeout(resolve, 3000))\n }\n\n return {\n body: body.trim() ? JSON.parse(body) : null,\n isValidSignature: validSignature,\n }\n}\n"],"names":["~~exports~~","~~parseBody~~","async","~~req~~","secret","~~waitForContentLakeEventualConsistency~~","~~signature~~","~~headers~~","~~get~~","~~SIGNATURE_HEADER_NAME~~","console","error","body","isValidSignature","text","validSignature","~~trim~~","Promise","resolve","setTimeout","JSON","parse"],"mappings":"~~qGAwCAA~~,QAAAC,~~UAtBAC~~,~~eACEC~~,~~EACAC~~,~~EACAC~~,GAAwC,GAExC,~~MAAMC~~,~~EAAYH~~,~~EAAII~~,QAAQC,~~IAAIC~~,~~EAAqBA~~,~~uBACvD~~,~~IAAKH,~~EACH,~~OAAAI~~,QAAQC,MAAM,4BACP,CAACC,KAAM,KAAMC,iBAAkB,MAGxC,MAAMD,~~QAAaT~~,~~EAAIW~~,OACjBC,~~EAAiBX~~,~~QAAeS~~,~~EAAAA~~,~~iBAAiBD~~,~~EAAMN~~,~~EAAWF~~,~~EAAOY~~,QAAU,KAEzF,OAAuB,~~IAAnBD~~,~~GAA4BV~~,SACxB,IAAIY,SAASC,GAAYC,WAAWD,EAAS,OAG9C,~~CACLN~~,KAAMA,~~EAAKI~~,~~OAASI~~,KAAKC,~~MAAMT~~,GAAQ,KACvCC,iBAAkBE,EAEtB"}
1	+ {"version":3,"file":"webhook.cjs","sources":["../../../node_modules/.pnpm/@sanity+webhook@4.0.4/node_modules/@sanity/webhook/dist/index.mjs","../src/webhook/index.ts"],"sourcesContent":["class WebhookSignatureValueError extends Error {\n type = \"WebhookSignatureValueError\";\n statusCode = 401;\n}\nclass WebhookSignatureFormatError extends Error {\n type = \"WebhookSignatureFormatError\";\n statusCode = 400;\n}\nfunction isSignatureError(error) {\n return typeof error == \"object\" && error !== null && \"type\" in error && [\"WebhookSignatureValueError\", \"WebhookSignatureFormatError\"].includes(\n error.type\n );\n}\nconst MINIMUM_TIMESTAMP = 16094592e5, SIGNATURE_HEADER_REGEX = /^t=(\\d+)[, ]+v1=([^, ]+)$/, SIGNATURE_HEADER_NAME = \"sanity-webhook-signature\";\nasync function assertValidSignature(stringifiedPayload, signature, secret) {\n const { timestamp } = decodeSignatureHeader(signature), encoded = await encodeSignatureHeader(stringifiedPayload, timestamp, secret);\n if (signature !== encoded)\n throw new WebhookSignatureValueError(\"Signature is invalid\");\n}\nasync function isValidSignature(stringifiedPayload, signature, secret) {\n try {\n return await assertValidSignature(stringifiedPayload, signature, secret), !0;\n } catch (err) {\n if (isSignatureError(err))\n return !1;\n throw err;\n }\n}\nasync function assertValidRequest(request, secret) {\n const signature = request.headers[SIGNATURE_HEADER_NAME];\n if (Array.isArray(signature))\n throw new WebhookSignatureFormatError(\"Multiple signature headers received\");\n if (typeof signature != \"string\")\n throw new WebhookSignatureValueError(\"Request contained no signature header\");\n if (typeof request.body > \"u\")\n throw new WebhookSignatureFormatError(\"Request contained no parsed request body\");\n if (typeof request.body == \"string\" \|\| Buffer.isBuffer(request.body))\n await assertValidSignature(request.body.toString(\"utf8\"), signature, secret);\n else\n throw new Error(\n \"[@sanity/webhook] `request.body` was not a string/buffer - this can lead to invalid signatures. See the [migration docs](https://github.com/sanity-io/webhook-toolkit#from-parsed-to-unparsed-body) for details on how to fix this.\"\n );\n}\nasync function isValidRequest(request, secret) {\n try {\n return await assertValidRequest(request, secret), !0;\n } catch (err) {\n if (isSignatureError(err))\n return !1;\n throw err;\n }\n}\nasync function encodeSignatureHeader(stringifiedPayload, timestamp, secret) {\n const signature = await createHS256Signature(stringifiedPayload, timestamp, secret);\n return `t=${timestamp},v1=${signature}`;\n}\nfunction decodeSignatureHeader(signaturePayload) {\n if (!signaturePayload)\n throw new WebhookSignatureFormatError(\"Missing or empty signature header\");\n const [, timestamp, hashedPayload] = signaturePayload.trim().match(SIGNATURE_HEADER_REGEX) \|\| [];\n if (!timestamp \|\| !hashedPayload)\n throw new WebhookSignatureFormatError(\"Invalid signature payload format\");\n return {\n timestamp: parseInt(timestamp, 10),\n hashedPayload\n };\n}\nasync function createHS256Signature(stringifiedPayload, timestamp, secret) {\n if (typeof crypto > \"u\")\n throw new TypeError(\n \"The Web Crypto API is not available in this environment, either polyfill `globalThis.crypto` or downgrade to `@sanity/webhook@3` which uses the Node.js `crypto` module.\"\n );\n if (!secret \|\| typeof secret != \"string\")\n throw new WebhookSignatureFormatError(\"Invalid secret provided\");\n if (!stringifiedPayload)\n throw new WebhookSignatureFormatError(\"Can not create signature for empty payload\");\n if (typeof stringifiedPayload != \"string\")\n throw new WebhookSignatureFormatError(\"Payload must be a JSON-encoded string\");\n if (typeof timestamp != \"number\" \|\| isNaN(timestamp) \|\| timestamp < MINIMUM_TIMESTAMP)\n throw new WebhookSignatureFormatError(\n \"Invalid signature timestamp, must be a unix timestamp with millisecond precision\"\n );\n const enc = new TextEncoder(), key = await crypto.subtle.importKey(\n \"raw\",\n enc.encode(secret),\n { name: \"HMAC\", hash: \"SHA-256\" },\n !1,\n [\"sign\"]\n ), signaturePayload = `${timestamp}.${stringifiedPayload}`, signature = await crypto.subtle.sign(\"HMAC\", key, enc.encode(signaturePayload)), signatureArray = Array.from(new Uint8Array(signature));\n return btoa(String.fromCharCode.apply(null, signatureArray)).replace(/\\+/g, \"-\").replace(/\\//g, \"_\").replace(/=+$/, \"\");\n}\nfunction requireSignedRequest(options) {\n const parseBody = typeof options.parseBody > \"u\" ? !0 : options.parseBody, respondOnError = typeof options.respondOnError > \"u\" ? !0 : options.respondOnError;\n return async function(request, response, next) {\n try {\n await assertValidRequest(request, options.secret), parseBody && typeof request.body == \"string\" && (request.body = JSON.parse(request.body)), next();\n } catch (err) {\n if (!respondOnError \|\| !isSignatureError(err)) {\n next(err);\n return;\n }\n response.status(err.statusCode).json({ message: err.message });\n }\n };\n}\nexport {\n SIGNATURE_HEADER_NAME,\n WebhookSignatureFormatError,\n WebhookSignatureValueError,\n assertValidRequest,\n assertValidSignature,\n decodeSignatureHeader,\n encodeSignatureHeader,\n isSignatureError,\n isValidRequest,\n isValidSignature,\n requireSignedRequest\n};\n//# sourceMappingURL=index.mjs.map\n","import type {SanityDocument} from '@sanity/types'\nimport {isValidSignature, SIGNATURE_HEADER_NAME} from '@sanity/webhook'\nimport type {NextRequest} from 'next/server'\n\n/** @public /\nexport type ParsedBody<T> = {\n /\n If a secret is given then it returns a boolean. If no secret is provided then no validation is done on the signature, and it'll return `null`\n /\n isValidSignature: boolean \| null\n body: T \| null\n}\n\n/\n Handles parsing the body JSON, and validating its signature. Also waits for Content Lake eventual consistency so you can run your queries\n * without worrying about getting stale data.\n * @public\n */\nexport async function parseBody<Body = SanityDocument>(\n req: NextRequest,\n secret?: string,\n waitForContentLakeEventualConsistency = true,\n): Promise<ParsedBody<Body>> {\n const signature = req.headers.get(SIGNATURE_HEADER_NAME)\n if (!signature) {\n console.error('Missing signature header')\n return {body: null, isValidSignature: null}\n }\n\n const body = await req.text()\n const validSignature = secret ? await isValidSignature(body, signature, secret.trim()) : null\n\n if (validSignature !== false && waitForContentLakeEventualConsistency) {\n await new Promise((resolve) => setTimeout(resolve, 3000))\n }\n\n return {\n body: body.trim() ? JSON.parse(body) : null,\n isValidSignature: validSignature,\n }\n}\n"],"names":["WebhookSignatureValueError","Error","constructor","super","arguments","__publicField","this","WebhookSignatureFormatError","MINIMUM_TIMESTAMP","SIGNATURE_HEADER_REGEX","async","assertValidSignature","stringifiedPayload","signature","secret","timestamp","signaturePayload","hashedPayload","trim","match","parseInt","decodeSignatureHeader","encoded","crypto","TypeError","isNaN","enc","TextEncoder","key","subtle","importKey","encode","name","hash","sign","signatureArray","Array","from","Uint8Array","btoa","String","fromCharCode","apply","replace","createHS256Signature","encodeSignatureHeader","exports","parseBody","req","waitForContentLakeEventualConsistency","headers","get","console","error","body","isValidSignature","text","validSignature","err","includes","type","Promise","resolve","setTimeout","JSON","parse"],"mappings":"oOAAA,MAAMA,UAAmCC,MAAzC,WAAAC,GAAAC,SAAAC,WACSC,EAAAC,KAAA,OAAA,8BACMD,EAAAC,KAAA,aAAA,IAAA,EAEf,MAAMC,UAAoCN,MAA1C,WAAAC,GAAAC,SAAAC,WACSC,EAAAC,KAAA,OAAA,+BACMD,EAAAC,KAAA,aAAA,IAAA,EAOf,MAAME,EAAoB,WAAYC,EAAyB,4BAC/DC,eAAeC,EAAqBC,EAAoBC,EAAWC,GAC3D,MAAAC,UAAEA,GAyCV,SAA+BC,GAC7B,IAAKA,EACG,MAAA,IAAIT,EAA4B,qCAClC,MAAG,CAAAQ,EAAWE,GAAiBD,EAAiBE,OAAOC,MAAMV,IAA2B,GAC1F,IAACM,IAAcE,EACX,MAAA,IAAIV,EAA4B,oCACjC,MAAA,CACLQ,UAAWK,SAASL,EAAW,IAC/BE,gBAEJ,CAnDwBI,CAAsBR,GAAYS,QAqC1DZ,eAAqCE,EAAoBG,EAAWD,GAClE,MAAMD,QAcRH,eAAoCE,EAAoBG,EAAWD,GACjE,UAAWS,OAAS,IAClB,MAAM,IAAIC,UACR,4KAEA,IAACV,GAA2B,iBAAVA,EACd,MAAA,IAAIP,EAA4B,2BACxC,IAAKK,EACG,MAAA,IAAIL,EAA4B,8CACxC,GAAiC,iBAAtBK,EACH,MAAA,IAAIL,EAA4B,yCACxC,GAAwB,iBAAbQ,GAAyBU,MAAMV,IAAcA,EAAYP,EAClE,MAAM,IAAID,EACR,oFAEJ,MAAMmB,EAAM,IAAIC,YAAeC,QAAYL,OAAOM,OAAOC,UACvD,MACAJ,EAAIK,OAAOjB,GACX,CAAEkB,KAAM,OAAQC,KAAM,YACtB,EACA,CAAC,SACAjB,EAAmB,GAAGD,KAAaH,IAAsBC,QAAkBU,OAAOM,OAAOK,KAAK,OAAQN,EAAKF,EAAIK,OAAOf,IAAoBmB,EAAiBC,MAAMC,KAAK,IAAIC,WAAWzB,IACxL,OAAO0B,KAAKC,OAAOC,aAAaC,MAAM,KAAMP,IAAiBQ,QAAQ,MAAO,KAAKA,QAAQ,MAAO,KAAKA,QAAQ,MAAO,GACtH,CArC0BC,CAAqBhC,EAAoBG,EAAWD,GACrE,MAAA,KAAKC,QAAgBF,GAC9B,CAxC0EgC,CAAsBjC,EAAoBG,EAAWD,GAC7H,GAAID,IAAcS,EACV,MAAA,IAAItB,EAA2B,uBACzC,CCsBA8C,QAAAC,UAtBArC,eACEsC,EACAlC,EACAmC,GAAwC,GAExC,MAAMpC,EAAYmC,EAAIE,QAAQC,IDVoF,4BCWlH,IAAKtC,EACH,OAAAuC,QAAQC,MAAM,4BACP,CAACC,KAAM,KAAMC,iBAAkB,MAGxC,MAAMD,QAAaN,EAAIQ,OACjBC,EAAiB3C,QDXzBJ,eAAgCE,EAAoBC,EAAWC,GACzD,IACF,aAAaH,EAAqBC,EAAoBC,EAAWC,IAAS,CAC3E,OAAQ4C,GACP,GAdqB,iBADCL,EAeDK,IAdsB,OAAVL,GAAkB,SAAUA,GAAS,CAAC,6BAA8B,+BAA+BM,SACpIN,EAAMO,MAcG,OAAA,EACH,MAAAF,CACP,CAlBH,IAA0BL,CAmB1B,CCGwCE,CAAiBD,EAAMzC,EAAWC,EAAOI,QAAU,KAEzF,OAAuB,IAAnBuC,GAA4BR,SACxB,IAAIY,SAASC,GAAYC,WAAWD,EAAS,OAG9C,CACLR,KAAMA,EAAKpC,OAAS8C,KAAKC,MAAMX,GAAQ,KACvCC,iBAAkBE,EAEtB","x_google_ignoreList":[0]}

package/dist/webhook.js CHANGED Viewed

	@@ -1 +1 @@
1	- ~~import~~{~~SIGNATURE_HEADER_NAME~~ as e,~~isValidSignature~~ as t}~~from~~"@sanity/webhook";~~async~~ ~~function~~ i(i,r,n=!0){const a=i.headers.get(e);if(!a)return console.error("Missing signature header"),{body:null,isValidSignature:null};const o=await i.text(),s=r?await t(o,a,r.trim()):null;return!1!==s&&n&&await new Promise((e=>setTimeout(e,3e3))),{body:o.trim()?JSON.parse(o):null,isValidSignature:s}}export{i as parseBody};//# sourceMappingURL=webhook.js.map
1	+ var e=Object.defineProperty,t=(t,r,n)=>(((t,r,n)=>{r in t?e(t,r,{enumerable:!0,configurable:!0,writable:!0,value:n}):t[r]=n})(t,"symbol"!=typeof r?r+"":r,n),n);class r extends Error{constructor(){super(...arguments),t(this,"type","WebhookSignatureValueError"),t(this,"statusCode",401)}}class n extends Error{constructor(){super(...arguments),t(this,"type","WebhookSignatureFormatError"),t(this,"statusCode",400)}}const o=16094592e5,a=/^t=(\d+)[, ]+v1=([^, ]+)$/;async function i(e,t,i){const{timestamp:s}=function(e){if(!e)throw new n("Missing or empty signature header");const[,t,r]=e.trim().match(a)\|\|[];if(!t\|\|!r)throw new n("Invalid signature payload format");return{timestamp:parseInt(t,10),hashedPayload:r}}(t),u=await async function(e,t,r){const a=await async function(e,t,r){if(typeof crypto>"u")throw new TypeError("The Web Crypto API is not available in this environment, either polyfill `globalThis.crypto` or downgrade to `@sanity/webhook@3` which uses the Node.js `crypto` module.");if(!r\|\|"string"!=typeof r)throw new n("Invalid secret provided");if(!e)throw new n("Can not create signature for empty payload");if("string"!=typeof e)throw new n("Payload must be a JSON-encoded string");if("number"!=typeof t\|\|isNaN(t)\|\|t<o)throw new n("Invalid signature timestamp, must be a unix timestamp with millisecond precision");const a=new TextEncoder,i=await crypto.subtle.importKey("raw",a.encode(r),{name:"HMAC",hash:"SHA-256"},!1,["sign"]),s=`${t}.${e}`,u=await crypto.subtle.sign("HMAC",i,a.encode(s)),c=Array.from(new Uint8Array(u));return btoa(String.fromCharCode.apply(null,c)).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}(e,t,r);return`t=${t},v1=${a}`}(e,s,i);if(t!==u)throw new r("Signature is invalid")}async function s(e,t,r=!0){const n=e.headers.get("sanity-webhook-signature");if(!n)return console.error("Missing signature header"),{body:null,isValidSignature:null};const o=await e.text(),a=t?await async function(e,t,r){try{return await i(e,t,r),!0}catch(e){if("object"==typeof(n=e)&&null!==n&&"type"in n&&["WebhookSignatureValueError","WebhookSignatureFormatError"].includes(n.type))return!1;throw e}var n}(o,n,t.trim()):null;return!1!==a&&r&&await new Promise((e=>setTimeout(e,3e3))),{body:o.trim()?JSON.parse(o):null,isValidSignature:a}}export{s as parseBody};//# sourceMappingURL=webhook.js.map

package/dist/webhook.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"webhook.js","sources":["../src/webhook/index.ts"],"sourcesContent":["import type {SanityDocument} from '@sanity/types'\nimport {isValidSignature, SIGNATURE_HEADER_NAME} from '@sanity/webhook'\nimport type {NextRequest} from 'next/server'\n\n/** @public /\nexport type ParsedBody<T> = {\n /\n If a secret is given then it returns a boolean. If no secret is provided then no validation is done on the signature, and it'll return `null`\n /\n isValidSignature: boolean \| null\n body: T \| null\n}\n\n/\n Handles parsing the body JSON, and validating its signature. Also waits for Content Lake eventual consistency so you can run your queries\n * without worrying about getting stale data.\n * @public\n */\nexport async function parseBody<Body = SanityDocument>(\n req: NextRequest,\n secret?: string,\n waitForContentLakeEventualConsistency = true,\n): Promise<ParsedBody<Body>> {\n const signature = req.headers.get(SIGNATURE_HEADER_NAME)\n if (!signature) {\n console.error('Missing signature header')\n return {body: null, isValidSignature: null}\n }\n\n const body = await req.text()\n const validSignature = secret ? await isValidSignature(body, signature, secret.trim()) : null\n\n if (validSignature !== false && waitForContentLakeEventualConsistency) {\n await new Promise((resolve) => setTimeout(resolve, 3000))\n }\n\n return {\n body: body.trim() ? JSON.parse(body) : null,\n isValidSignature: validSignature,\n }\n}\n"],"names":["async","~~parseBody~~","~~req~~","secret","~~waitForContentLakeEventualConsistency~~","~~signature~~","~~headers~~","~~get~~","~~SIGNATURE_HEADER_NAME~~","console","error","body","isValidSignature","text","validSignature","~~trim~~","Promise","resolve","setTimeout","JSON","parse"],"mappings":"~~8EAkBAA~~,~~eAAsBC~~,EACpBC,~~EACAC~~,~~EACAC~~,GAAwC,GAExC,~~MAAMC~~,~~EAAYH~~,~~EAAII~~,QAAQC,~~IAAIC~~,~~GAClC~~,~~IAAKH~~,EACH,~~OAAAI~~,QAAQC,MAAM,4BACP,CAACC,KAAM,KAAMC,iBAAkB,MAGxC,MAAMD,~~QAAaT~~,~~EAAIW~~,OACjBC,~~EAAiBX~~,~~QAAeS~~,~~EAAiBD~~,~~EAAMN~~,~~EAAWF~~,~~EAAOY~~,QAAU,KAEzF,OAAuB,~~IAAnBD~~,~~GAA4BV~~,SACxB,IAAIY,SAASC,GAAYC,WAAWD,EAAS,OAG9C,~~CACLN~~,KAAMA,~~EAAKI~~,~~OAASI~~,KAAKC,~~MAAMT~~,GAAQ,KACvCC,iBAAkBE,EAEtB"}
1	+ {"version":3,"file":"webhook.js","sources":["../../../node_modules/.pnpm/@sanity+webhook@4.0.4/node_modules/@sanity/webhook/dist/index.mjs","../src/webhook/index.ts"],"sourcesContent":["class WebhookSignatureValueError extends Error {\n type = \"WebhookSignatureValueError\";\n statusCode = 401;\n}\nclass WebhookSignatureFormatError extends Error {\n type = \"WebhookSignatureFormatError\";\n statusCode = 400;\n}\nfunction isSignatureError(error) {\n return typeof error == \"object\" && error !== null && \"type\" in error && [\"WebhookSignatureValueError\", \"WebhookSignatureFormatError\"].includes(\n error.type\n );\n}\nconst MINIMUM_TIMESTAMP = 16094592e5, SIGNATURE_HEADER_REGEX = /^t=(\\d+)[, ]+v1=([^, ]+)$/, SIGNATURE_HEADER_NAME = \"sanity-webhook-signature\";\nasync function assertValidSignature(stringifiedPayload, signature, secret) {\n const { timestamp } = decodeSignatureHeader(signature), encoded = await encodeSignatureHeader(stringifiedPayload, timestamp, secret);\n if (signature !== encoded)\n throw new WebhookSignatureValueError(\"Signature is invalid\");\n}\nasync function isValidSignature(stringifiedPayload, signature, secret) {\n try {\n return await assertValidSignature(stringifiedPayload, signature, secret), !0;\n } catch (err) {\n if (isSignatureError(err))\n return !1;\n throw err;\n }\n}\nasync function assertValidRequest(request, secret) {\n const signature = request.headers[SIGNATURE_HEADER_NAME];\n if (Array.isArray(signature))\n throw new WebhookSignatureFormatError(\"Multiple signature headers received\");\n if (typeof signature != \"string\")\n throw new WebhookSignatureValueError(\"Request contained no signature header\");\n if (typeof request.body > \"u\")\n throw new WebhookSignatureFormatError(\"Request contained no parsed request body\");\n if (typeof request.body == \"string\" \|\| Buffer.isBuffer(request.body))\n await assertValidSignature(request.body.toString(\"utf8\"), signature, secret);\n else\n throw new Error(\n \"[@sanity/webhook] `request.body` was not a string/buffer - this can lead to invalid signatures. See the [migration docs](https://github.com/sanity-io/webhook-toolkit#from-parsed-to-unparsed-body) for details on how to fix this.\"\n );\n}\nasync function isValidRequest(request, secret) {\n try {\n return await assertValidRequest(request, secret), !0;\n } catch (err) {\n if (isSignatureError(err))\n return !1;\n throw err;\n }\n}\nasync function encodeSignatureHeader(stringifiedPayload, timestamp, secret) {\n const signature = await createHS256Signature(stringifiedPayload, timestamp, secret);\n return `t=${timestamp},v1=${signature}`;\n}\nfunction decodeSignatureHeader(signaturePayload) {\n if (!signaturePayload)\n throw new WebhookSignatureFormatError(\"Missing or empty signature header\");\n const [, timestamp, hashedPayload] = signaturePayload.trim().match(SIGNATURE_HEADER_REGEX) \|\| [];\n if (!timestamp \|\| !hashedPayload)\n throw new WebhookSignatureFormatError(\"Invalid signature payload format\");\n return {\n timestamp: parseInt(timestamp, 10),\n hashedPayload\n };\n}\nasync function createHS256Signature(stringifiedPayload, timestamp, secret) {\n if (typeof crypto > \"u\")\n throw new TypeError(\n \"The Web Crypto API is not available in this environment, either polyfill `globalThis.crypto` or downgrade to `@sanity/webhook@3` which uses the Node.js `crypto` module.\"\n );\n if (!secret \|\| typeof secret != \"string\")\n throw new WebhookSignatureFormatError(\"Invalid secret provided\");\n if (!stringifiedPayload)\n throw new WebhookSignatureFormatError(\"Can not create signature for empty payload\");\n if (typeof stringifiedPayload != \"string\")\n throw new WebhookSignatureFormatError(\"Payload must be a JSON-encoded string\");\n if (typeof timestamp != \"number\" \|\| isNaN(timestamp) \|\| timestamp < MINIMUM_TIMESTAMP)\n throw new WebhookSignatureFormatError(\n \"Invalid signature timestamp, must be a unix timestamp with millisecond precision\"\n );\n const enc = new TextEncoder(), key = await crypto.subtle.importKey(\n \"raw\",\n enc.encode(secret),\n { name: \"HMAC\", hash: \"SHA-256\" },\n !1,\n [\"sign\"]\n ), signaturePayload = `${timestamp}.${stringifiedPayload}`, signature = await crypto.subtle.sign(\"HMAC\", key, enc.encode(signaturePayload)), signatureArray = Array.from(new Uint8Array(signature));\n return btoa(String.fromCharCode.apply(null, signatureArray)).replace(/\\+/g, \"-\").replace(/\\//g, \"_\").replace(/=+$/, \"\");\n}\nfunction requireSignedRequest(options) {\n const parseBody = typeof options.parseBody > \"u\" ? !0 : options.parseBody, respondOnError = typeof options.respondOnError > \"u\" ? !0 : options.respondOnError;\n return async function(request, response, next) {\n try {\n await assertValidRequest(request, options.secret), parseBody && typeof request.body == \"string\" && (request.body = JSON.parse(request.body)), next();\n } catch (err) {\n if (!respondOnError \|\| !isSignatureError(err)) {\n next(err);\n return;\n }\n response.status(err.statusCode).json({ message: err.message });\n }\n };\n}\nexport {\n SIGNATURE_HEADER_NAME,\n WebhookSignatureFormatError,\n WebhookSignatureValueError,\n assertValidRequest,\n assertValidSignature,\n decodeSignatureHeader,\n encodeSignatureHeader,\n isSignatureError,\n isValidRequest,\n isValidSignature,\n requireSignedRequest\n};\n//# sourceMappingURL=index.mjs.map\n","import type {SanityDocument} from '@sanity/types'\nimport {isValidSignature, SIGNATURE_HEADER_NAME} from '@sanity/webhook'\nimport type {NextRequest} from 'next/server'\n\n/** @public /\nexport type ParsedBody<T> = {\n /\n If a secret is given then it returns a boolean. If no secret is provided then no validation is done on the signature, and it'll return `null`\n /\n isValidSignature: boolean \| null\n body: T \| null\n}\n\n/\n Handles parsing the body JSON, and validating its signature. Also waits for Content Lake eventual consistency so you can run your queries\n * without worrying about getting stale data.\n * @public\n */\nexport async function parseBody<Body = SanityDocument>(\n req: NextRequest,\n secret?: string,\n waitForContentLakeEventualConsistency = true,\n): Promise<ParsedBody<Body>> {\n const signature = req.headers.get(SIGNATURE_HEADER_NAME)\n if (!signature) {\n console.error('Missing signature header')\n return {body: null, isValidSignature: null}\n }\n\n const body = await req.text()\n const validSignature = secret ? await isValidSignature(body, signature, secret.trim()) : null\n\n if (validSignature !== false && waitForContentLakeEventualConsistency) {\n await new Promise((resolve) => setTimeout(resolve, 3000))\n }\n\n return {\n body: body.trim() ? JSON.parse(body) : null,\n isValidSignature: validSignature,\n }\n}\n"],"names":["WebhookSignatureValueError","Error","constructor","super","arguments","__publicField","this","WebhookSignatureFormatError","MINIMUM_TIMESTAMP","SIGNATURE_HEADER_REGEX","async","assertValidSignature","stringifiedPayload","signature","secret","timestamp","signaturePayload","hashedPayload","trim","match","parseInt","decodeSignatureHeader","encoded","crypto","TypeError","isNaN","enc","TextEncoder","key","subtle","importKey","encode","name","hash","sign","signatureArray","Array","from","Uint8Array","btoa","String","fromCharCode","apply","replace","createHS256Signature","encodeSignatureHeader","parseBody","req","waitForContentLakeEventualConsistency","headers","get","console","error","body","isValidSignature","text","validSignature","err","includes","type","Promise","resolve","setTimeout","JSON","parse"],"mappings":"gKAAA,MAAMA,UAAmCC,MAAzC,WAAAC,GAAAC,SAAAC,WACSC,EAAAC,KAAA,OAAA,8BACMD,EAAAC,KAAA,aAAA,IAAA,EAEf,MAAMC,UAAoCN,MAA1C,WAAAC,GAAAC,SAAAC,WACSC,EAAAC,KAAA,OAAA,+BACMD,EAAAC,KAAA,aAAA,IAAA,EAOf,MAAME,EAAoB,WAAYC,EAAyB,4BAC/DC,eAAeC,EAAqBC,EAAoBC,EAAWC,GAC3D,MAAAC,UAAEA,GAyCV,SAA+BC,GAC7B,IAAKA,EACG,MAAA,IAAIT,EAA4B,qCAClC,MAAG,CAAAQ,EAAWE,GAAiBD,EAAiBE,OAAOC,MAAMV,IAA2B,GAC1F,IAACM,IAAcE,EACX,MAAA,IAAIV,EAA4B,oCACjC,MAAA,CACLQ,UAAWK,SAASL,EAAW,IAC/BE,gBAEJ,CAnDwBI,CAAsBR,GAAYS,QAqC1DZ,eAAqCE,EAAoBG,EAAWD,GAClE,MAAMD,QAcRH,eAAoCE,EAAoBG,EAAWD,GACjE,UAAWS,OAAS,IAClB,MAAM,IAAIC,UACR,4KAEA,IAACV,GAA2B,iBAAVA,EACd,MAAA,IAAIP,EAA4B,2BACxC,IAAKK,EACG,MAAA,IAAIL,EAA4B,8CACxC,GAAiC,iBAAtBK,EACH,MAAA,IAAIL,EAA4B,yCACxC,GAAwB,iBAAbQ,GAAyBU,MAAMV,IAAcA,EAAYP,EAClE,MAAM,IAAID,EACR,oFAEJ,MAAMmB,EAAM,IAAIC,YAAeC,QAAYL,OAAOM,OAAOC,UACvD,MACAJ,EAAIK,OAAOjB,GACX,CAAEkB,KAAM,OAAQC,KAAM,YACtB,EACA,CAAC,SACAjB,EAAmB,GAAGD,KAAaH,IAAsBC,QAAkBU,OAAOM,OAAOK,KAAK,OAAQN,EAAKF,EAAIK,OAAOf,IAAoBmB,EAAiBC,MAAMC,KAAK,IAAIC,WAAWzB,IACxL,OAAO0B,KAAKC,OAAOC,aAAaC,MAAM,KAAMP,IAAiBQ,QAAQ,MAAO,KAAKA,QAAQ,MAAO,KAAKA,QAAQ,MAAO,GACtH,CArC0BC,CAAqBhC,EAAoBG,EAAWD,GACrE,MAAA,KAAKC,QAAgBF,GAC9B,CAxC0EgC,CAAsBjC,EAAoBG,EAAWD,GAC7H,GAAID,IAAcS,EACV,MAAA,IAAItB,EAA2B,uBACzC,CCAAU,eAAsBoC,EACpBC,EACAjC,EACAkC,GAAwC,GAExC,MAAMnC,EAAYkC,EAAIE,QAAQC,IDVoF,4BCWlH,IAAKrC,EACH,OAAAsC,QAAQC,MAAM,4BACP,CAACC,KAAM,KAAMC,iBAAkB,MAGxC,MAAMD,QAAaN,EAAIQ,OACjBC,EAAiB1C,QDXzBJ,eAAgCE,EAAoBC,EAAWC,GACzD,IACF,aAAaH,EAAqBC,EAAoBC,EAAWC,IAAS,CAC3E,OAAQ2C,GACP,GAdqB,iBADCL,EAeDK,IAdsB,OAAVL,GAAkB,SAAUA,GAAS,CAAC,6BAA8B,+BAA+BM,SACpIN,EAAMO,MAcG,OAAA,EACH,MAAAF,CACP,CAlBH,IAA0BL,CAmB1B,CCGwCE,CAAiBD,EAAMxC,EAAWC,EAAOI,QAAU,KAEzF,OAAuB,IAAnBsC,GAA4BR,SACxB,IAAIY,SAASC,GAAYC,WAAWD,EAAS,OAG9C,CACLR,KAAMA,EAAKnC,OAAS6C,KAAKC,MAAMX,GAAQ,KACvCC,iBAAkBE,EAEtB","x_google_ignoreList":[0]}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "next-sanity",
-  "version": "9.0.10",
+  "version": "9.0.11",
   "description": "Sanity.io toolkit for Next.js",
   "keywords": [
     "sanity",
@@ -122,28 +122,28 @@
     "@sanity/client": "^6.15.20",
     "@sanity/preview-kit": "5.0.47",
     "@sanity/visual-editing": "1.8.15",
-    "@sanity/webhook": "4.0.2-bc",
     "groq": "^3.37.1",
     "history": "^5.3.0"
   },
   "devDependencies": {
     "@sanity/browserslist-config": "^1.0.3",
     "@sanity/eslint-config-studio": "^4.0.0",
-    "@sanity/pkg-utils": "^6.8.3",
+    "@sanity/pkg-utils": "^6.8.6",
+    "@sanity/webhook": "4.0.4",
     "@types/react": "^18.2.79",
     "@typescript-eslint/eslint-plugin": "^7.7.1",
-    "@vitest/coverage-v8": "^1.5.0",
+    "@vitest/coverage-v8": "^1.5.2",
     "eslint": "^8.57.0",
     "eslint-config-prettier": "^9.1.0",
     "eslint-config-sanity": "^7.1.2",
     "eslint-gitignore": "^0.1.0",
     "eslint-plugin-simple-import-sort": "^12.1.0",
     "ls-engines": "^0.9.1",
-    "next": "14.2.2",
+    "next": "14.2.3",
     "react": "^18.2.0",
     "styled-components": "^6.1.8",
     "typescript": "5.4.5",
-    "vitest": "^1.5.0",
+    "vitest": "^1.5.2",
     "vitest-github-actions-reporter": "^0.11.1"
   },
   "peerDependencies": {