pipework 0.7.5 → 0.7.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/webhook/verify.d.ts +5 -3
  2. package/dist/webhook/verify.d.ts.map +1 -1
  3. package/dist/webhook/verify.js +5 -2
  4. package/dist/webhook/verify.js.map +1 -1
  5. package/package.json +1 -1
package/dist/webhook/verify.d.ts CHANGED
@@ -1,14 +1,16 @@
1
1
  export interface SignatureVerifier {
2
2
  verify(rawBody: Buffer, headers: Readonly<Record<string, string | undefined>>): boolean;
3
3
  }
4
+ type LazySecret = string | (() => string);
4
5
  export declare function hmacVerifier(options: {
5
- secret: string;
6
+ secret: LazySecret;
6
7
  algorithm?: string;
7
8
  header: string;
8
9
  prefix?: string;
9
10
  encoding?: 'hex' | 'base64';
10
11
  computePayload?: (rawBody: Buffer, headers: Readonly<Record<string, string | undefined>>) => Buffer;
11
12
  }): SignatureVerifier;
12
- export declare function stripeVerifier(secret: string): SignatureVerifier;
13
- export declare function githubVerifier(secret: string): SignatureVerifier;
13
+ export declare function stripeVerifier(secret: LazySecret): SignatureVerifier;
14
+ export declare function githubVerifier(secret: LazySecret): SignatureVerifier;
15
+ export {};
14
16
  //# sourceMappingURL=verify.d.ts.map
package/dist/webhook/verify.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../../src/webhook/verify.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,iBAAiB;IAChC,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC,GAAG,OAAO,CAAA;CACxF;AAED,wBAAgB,YAAY,CAAC,OAAO,EAAE;IACpC,MAAM,EAAE,MAAM,CAAA;IACd,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,QAAQ,CAAC,EAAE,KAAK,GAAG,QAAQ,CAAA;IAC3B,cAAc,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC,KAAK,MAAM,CAAA;CACpG,GAAG,iBAAiB,CAuBpB;AAED,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,iBAAiB,CA2BhE;AAED,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,iBAAiB,CAQhE"}
1
+ {"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../../src/webhook/verify.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,iBAAiB;IAChC,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC,GAAG,OAAO,CAAA;CACxF;AAED,KAAK,UAAU,GAAG,MAAM,GAAG,CAAC,MAAM,MAAM,CAAC,CAAA;AAMzC,wBAAgB,YAAY,CAAC,OAAO,EAAE;IACpC,MAAM,EAAE,UAAU,CAAA;IAClB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,QAAQ,CAAC,EAAE,KAAK,GAAG,QAAQ,CAAA;IAC3B,cAAc,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC,KAAK,MAAM,CAAA;CACpG,GAAG,iBAAiB,CAuBpB;AAED,wBAAgB,cAAc,CAAC,MAAM,EAAE,UAAU,GAAG,iBAAiB,CA2BpE;AAED,wBAAgB,cAAc,CAAC,MAAM,EAAE,UAAU,GAAG,iBAAiB,CAQpE"}
package/dist/webhook/verify.js CHANGED
@@ -1,4 +1,7 @@
1
1
  import { createHmac, timingSafeEqual } from 'node:crypto';
2
+ function resolveSecret(secret) {
3
+ return typeof secret === 'function' ? secret() : secret;
4
+ }
2
5
  export function hmacVerifier(options) {
3
6
  const algorithm = options.algorithm ?? 'sha256';
4
7
  const encoding = options.encoding ?? 'hex';
@@ -11,7 +14,7 @@ export function hmacVerifier(options) {
11
14
  const payload = options.computePayload !== undefined
12
15
  ? options.computePayload(rawBody, headers)
13
16
  : rawBody;
14
- const expected = prefix + createHmac(algorithm, options.secret).update(payload).digest(encoding);
17
+ const expected = prefix + createHmac(algorithm, resolveSecret(options.secret)).update(payload).digest(encoding);
15
18
  try {
16
19
  return timingSafeEqual(Buffer.from(headerValue), Buffer.from(expected));
17
20
  }
@@ -39,7 +42,7 @@ export function stripeVerifier(secret) {
39
42
  if (timestamp === undefined || v1Sig === undefined)
40
43
  return false;
41
44
  const signedPayload = Buffer.from(`${timestamp}.${rawBody.toString('utf-8')}`);
42
- const expected = createHmac('sha256', secret).update(signedPayload).digest('hex');
45
+ const expected = createHmac('sha256', resolveSecret(secret)).update(signedPayload).digest('hex');
43
46
  try {
44
47
  return timingSafeEqual(Buffer.from(v1Sig), Buffer.from(expected));
45
48
  }
package/dist/webhook/verify.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"verify.js","sourceRoot":"","sources":["../../src/webhook/verify.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;AAMzD,MAAM,UAAU,YAAY,CAAC,OAO5B;IACC,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,QAAQ,CAAA;IAC/C,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,KAAK,CAAA;IAC1C,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,EAAE,CAAA;IAEnC,OAAO;QACL,MAAM,CAAC,OAAO,EAAE,OAAO;YACrB,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,CAAA;YACzD,IAAI,WAAW,KAAK,SAAS,IAAI,WAAW,KAAK,EAAE;gBAAE,OAAO,KAAK,CAAA;YAEjE,MAAM,OAAO,GAAG,OAAO,CAAC,cAAc,KAAK,SAAS;gBAClD,CAAC,CAAC,OAAO,CAAC,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC;gBAC1C,CAAC,CAAC,OAAO,CAAA;YAEX,MAAM,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC,SAAS,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;YAEhG,IAAI,CAAC;gBACH,OAAO,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAA;YACzE,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,KAAK,CAAA;YACd,CAAC;QACH,CAAC;KACF,CAAA;AACH,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,MAAc;IAC3C,OAAO;QACL,MAAM,CAAC,OAAO,EAAE,OAAO;YACrB,MAAM,SAAS,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAA;YAC7C,IAAI,SAAS,KAAK,SAAS;gBAAE,OAAO,KAAK,CAAA;YAEzC,MAAM,KAAK,GAAG,IAAI,GAAG,EAAkB,CAAA;YACvC,KAAK,MAAM,IAAI,IAAI,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxC,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;gBAC/B,IAAI,KAAK,KAAK,CAAC,CAAC;oBAAE,SAAQ;gBAC1B,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAA;YACtE,CAAC;YAED,MAAM,SAAS,GAAG,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;YAChC,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;YAC7B,IAAI,SAAS,KAAK,SAAS,IAAI,KAAK,KAAK,SAAS;gBAAE,OAAO,KAAK,CAAA;YAEhE,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,SAAS,IAAI,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;YAC9E,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;YAEjF,IAAI,CAAC;gBACH,OAAO,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAA;YACnE,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,KAAK,CAAA;YACd,CAAC;QACH,CAAC;KACF,CAAA;AACH,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,MAAc;IAC3C,OAAO,YAAY,CAAC;QAClB,MAAM;QACN,SAAS,EAAE,QAAQ;QACnB,MAAM,EAAE,qBAAqB;QAC7B,MAAM,EAAE,SAAS;QACjB,QAAQ,EAAE,KAAK;KAChB,CAAC,CAAA;AACJ,CAAC"}
1
+ {"version":3,"file":"verify.js","sourceRoot":"","sources":["../../src/webhook/verify.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;AAQzD,SAAS,aAAa,CAAC,MAAkB;IACvC,OAAO,OAAO,MAAM,KAAK,UAAU,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,MAAM,CAAA;AACzD,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,OAO5B;IACC,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,QAAQ,CAAA;IAC/C,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,KAAK,CAAA;IAC1C,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,EAAE,CAAA;IAEnC,OAAO;QACL,MAAM,CAAC,OAAO,EAAE,OAAO;YACrB,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,CAAA;YACzD,IAAI,WAAW,KAAK,SAAS,IAAI,WAAW,KAAK,EAAE;gBAAE,OAAO,KAAK,CAAA;YAEjE,MAAM,OAAO,GAAG,OAAO,CAAC,cAAc,KAAK,SAAS;gBAClD,CAAC,CAAC,OAAO,CAAC,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC;gBAC1C,CAAC,CAAC,OAAO,CAAA;YAEX,MAAM,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC,SAAS,EAAE,aAAa,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;YAE/G,IAAI,CAAC;gBACH,OAAO,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAA;YACzE,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,KAAK,CAAA;YACd,CAAC;QACH,CAAC;KACF,CAAA;AACH,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,MAAkB;IAC/C,OAAO;QACL,MAAM,CAAC,OAAO,EAAE,OAAO;YACrB,MAAM,SAAS,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAA;YAC7C,IAAI,SAAS,KAAK,SAAS;gBAAE,OAAO,KAAK,CAAA;YAEzC,MAAM,KAAK,GAAG,IAAI,GAAG,EAAkB,CAAA;YACvC,KAAK,MAAM,IAAI,IAAI,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxC,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;gBAC/B,IAAI,KAAK,KAAK,CAAC,CAAC;oBAAE,SAAQ;gBAC1B,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAA;YACtE,CAAC;YAED,MAAM,SAAS,GAAG,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;YAChC,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;YAC7B,IAAI,SAAS,KAAK,SAAS,IAAI,KAAK,KAAK,SAAS;gBAAE,OAAO,KAAK,CAAA;YAEhE,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,SAAS,IAAI,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;YAC9E,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;YAEhG,IAAI,CAAC;gBACH,OAAO,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAA;YACnE,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,KAAK,CAAA;YACd,CAAC;QACH,CAAC;KACF,CAAA;AACH,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,MAAkB;IAC/C,OAAO,YAAY,CAAC;QAClB,MAAM;QACN,SAAS,EAAE,QAAQ;QACnB,MAAM,EAAE,qBAAqB;QAC7B,MAAM,EAAE,SAAS;QACjB,QAAQ,EAAE,KAAK;KAChB,CAAC,CAAA;AACJ,CAAC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "pipework",
3
- "version": "0.7.5",
3
+ "version": "0.7.6",
4
4
  "description": "TypeScript framework for multi-tenant SaaS applications. PostgreSQL-only.",
5
5
  "type": "module",
6
6
  "license": "MIT",