opticedge-cloud-utils 1.0.35 → 1.0.37

package/dist/types/user.d.ts

@@ -4,3 +4,34 @@ export declare enum UserCollectorType {
     Rookie = 1,
     Free = 2
 }
+export type User = {
+    cards: {
+        count: number;
+    };
+    collections: {
+        count: number;
+    };
+    email: string;
+    fcmTokens: Record<string, boolean>;
+    firstName: string;
+    fundAmount: number;
+    fundalert: number;
+    id: string;
+    insights: {
+        count: number;
+    };
+    isAppleUser: boolean;
+    isFacebookUser: boolean;
+    lastCardIndex: number;
+    lastGradingTime: number;
+    lastName: string;
+    soldCards: {
+        count: number;
+    };
+    thumbnail: string | undefined;
+    _collectorType: UserCollectorType;
+    _createdAt: number;
+    _currency: string;
+    _id: string;
+    _updatedAt: number;
+};

package/dist/utils/tw-utils.js

@@ -5,7 +5,15 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.isValidWebhookSignature = isValidWebhookSignature;
 const crypto_1 = __importDefault(require("crypto"));
+const generateSignature = (body, secret) => {
+    return crypto_1.default.createHmac('sha256', secret).update(body).digest('hex');
+};
 function isValidWebhookSignature(secret, body, signature) {
-    const computedSignature = crypto_1.default.createHmac('sha256', secret).update(body).digest('hex');
-    return computedSignature === signature;
+    const expectedSignature = generateSignature(body, secret);
+    const expectedBuffer = Buffer.from(expectedSignature);
+    const signatureBuffer = Buffer.from(signature);
+    if (expectedBuffer.length !== signatureBuffer.length) {
+        return false;
+    }
+    return crypto_1.default.timingSafeEqual(expectedBuffer, signatureBuffer);
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "opticedge-cloud-utils",
-  "version": "1.0.35",
+  "version": "1.0.37",
   "description": "Common utilities for cloud functions",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/types/user.ts

@@ -4,3 +4,35 @@ export enum UserCollectorType {
   Rookie,
   Free
 }
+
+export type User = {
+  cards: {
+    count: number
+  }
+  collections: {
+    count: number
+  }
+  email: string
+  fcmTokens: Record<string, boolean>
+  firstName: string
+  fundAmount: number
+  fundalert: number
+  id: string
+  insights: {
+    count: number
+  }
+  isAppleUser: boolean
+  isFacebookUser: boolean
+  lastCardIndex: number
+  lastGradingTime: number
+  lastName: string
+  soldCards: {
+    count: number
+  }
+  thumbnail: string | undefined
+  _collectorType: UserCollectorType
+  _createdAt: number
+  _currency: string
+  _id: string
+  _updatedAt: number
+}

package/src/utils/tw-utils.ts

@@ -1,6 +1,18 @@
 import crypto from 'crypto'
 
+const generateSignature = (body: string, secret: string): string => {
+  return crypto.createHmac('sha256', secret).update(body).digest('hex')
+}
+
 export function isValidWebhookSignature(secret: string, body: string, signature: string): boolean {
-  const computedSignature = crypto.createHmac('sha256', secret).update(body).digest('hex')
-  return computedSignature === signature
+  const expectedSignature = generateSignature(body, secret)
+
+  const expectedBuffer = Buffer.from(expectedSignature)
+  const signatureBuffer = Buffer.from(signature)
+
+  if (expectedBuffer.length !== signatureBuffer.length) {
+    return false
+  }
+
+  return crypto.timingSafeEqual(expectedBuffer, signatureBuffer)
 }

package/dist/utils/thirdweb.d.ts

@@ -1 +0,0 @@
-export declare function isValidWebhookSignature(secret: string, body: string, signature: string): boolean;

package/dist/utils/thirdweb.js

@@ -1,11 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.isValidWebhookSignature = isValidWebhookSignature;
-const crypto_1 = __importDefault(require("crypto"));
-function isValidWebhookSignature(secret, body, signature) {
-    const computedSignature = crypto_1.default.createHmac('sha256', secret).update(body).digest('hex');
-    return computedSignature === signature;
-}

package/dist/utils/thirdweb.test.d.ts

@@ -1 +0,0 @@
-export {};

package/dist/utils/thirdweb.test.js

@@ -1,26 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const thirdweb_1 = require("./thirdweb");
-const crypto_1 = __importDefault(require("crypto"));
-describe('isValidWebhookSignature', () => {
-    const secret = 'test_secret';
-    const body = '{"message":"hello"}';
-    it('returns true for a valid signature', () => {
-        const validSignature = crypto_1.default.createHmac('sha256', secret).update(body).digest('hex');
-        expect((0, thirdweb_1.isValidWebhookSignature)(secret, body, validSignature)).toBe(true);
-    });
-    it('returns false for an invalid signature', () => {
-        const invalidSignature = 'invalidsignature123';
-        expect((0, thirdweb_1.isValidWebhookSignature)(secret, body, invalidSignature)).toBe(false);
-    });
-    it('returns false if body or secret is tampered', () => {
-        const originalSignature = crypto_1.default.createHmac('sha256', secret).update(body).digest('hex');
-        // wrong body
-        expect((0, thirdweb_1.isValidWebhookSignature)(secret, '{"message":"tampered"}', originalSignature)).toBe(false);
-        // wrong secret
-        expect((0, thirdweb_1.isValidWebhookSignature)('wrong_secret', body, originalSignature)).toBe(false);
-    });
-});