payload-plugin-newsletter 0.21.1 → 0.21.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/CHANGELOG.md +18 -0
  2. package/dist/server.js +12 -5
  3. package/package.json +1 -1
package/CHANGELOG.md CHANGED
@@ -1,3 +1,21 @@
1
+ ## [0.21.3] - 2025-08-06
2
+
3
+ ### Fixed
4
+ - Fixed webhook authentication by using correct Broadcast header names
5
+ - Changed from `x-broadcast-signature` to `broadcast-webhook-signature`
6
+ - Changed from `x-broadcast-timestamp` to `broadcast-webhook-timestamp`
7
+ - Added support for optional `broadcast-webhook-id` header
8
+ - Added timestamp validation to prevent replay attacks (5 minute window)
9
+ - Headers now match Broadcast's actual webhook implementation
10
+
11
+ ## [0.21.2] - 2025-08-06
12
+
13
+ ### Fixed
14
+ - Fixed webhook endpoint paths to include `/newsletter` prefix for proper API routing
15
+ - Changed `/webhooks/broadcast` to `/newsletter/webhooks/broadcast`
16
+ - Changed `/webhooks/verify` to `/newsletter/webhooks/verify`
17
+ - This ensures webhooks work correctly with Payload's API routing
18
+
1
19
  ## [0.21.1] - 2025-08-06
2
20
 
3
21
  ### Fixed
package/dist/server.js CHANGED
@@ -2725,7 +2725,7 @@ async function routeWebhookEvent(event, req, config) {
2725
2725
  // src/endpoints/webhooks/broadcast.ts
2726
2726
  var createBroadcastWebhookEndpoint = (config) => {
2727
2727
  return {
2728
- path: "/webhooks/broadcast",
2728
+ path: "/newsletter/webhooks/broadcast",
2729
2729
  method: "post",
2730
2730
  handler: async (req) => {
2731
2731
  try {
@@ -2738,12 +2738,19 @@ var createBroadcastWebhookEndpoint = (config) => {
2738
2738
  return Response.json({ error: "Webhook not configured" }, { status: 401 });
2739
2739
  }
2740
2740
  const headers = req.headers;
2741
- const signature = headers.get("x-broadcast-signature");
2742
- const timestamp = headers.get("x-broadcast-timestamp");
2741
+ const signature = headers.get("broadcast-webhook-signature");
2742
+ const timestamp = headers.get("broadcast-webhook-timestamp");
2743
+ const webhookId = headers.get("broadcast-webhook-id");
2743
2744
  if (!signature || !timestamp) {
2744
- console.error("[Broadcast Webhook] Missing signature or timestamp");
2745
+ console.error("[Broadcast Webhook] Missing signature or timestamp headers");
2745
2746
  return Response.json({ error: "Invalid request" }, { status: 401 });
2746
2747
  }
2748
+ const timestampNum = parseInt(timestamp, 10);
2749
+ const currentTime = Math.floor(Date.now() / 1e3);
2750
+ if (Math.abs(currentTime - timestampNum) > 300) {
2751
+ console.error("[Broadcast Webhook] Timestamp too old or invalid");
2752
+ return Response.json({ error: "Invalid timestamp" }, { status: 401 });
2753
+ }
2747
2754
  let rawBodyString;
2748
2755
  let rawBody;
2749
2756
  if (typeof req.json === "function") {
@@ -2791,7 +2798,7 @@ var createBroadcastWebhookEndpoint = (config) => {
2791
2798
  // src/endpoints/webhooks/verify.ts
2792
2799
  var createWebhookVerifyEndpoint = (config) => {
2793
2800
  return {
2794
- path: "/webhooks/verify",
2801
+ path: "/newsletter/webhooks/verify",
2795
2802
  method: "post",
2796
2803
  handler: async (req) => {
2797
2804
  try {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "payload-plugin-newsletter",
3
- "version": "0.21.1",
3
+ "version": "0.21.3",
4
4
  "description": "Complete newsletter management plugin for Payload CMS with subscriber management, magic link authentication, and email service integration",
5
5
  "type": "module",
6
6
  "main": "./dist/index.js",