pusher 5.1.2 → 5.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +7 -2
- package/lib/token.js +25 -25
- package/lib/webhook.js +5 -1
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,8 +1,13 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 5.1.3
|
|
4
|
+
|
|
5
|
+
[FIXED] Parsing of the extraTokens in webhook's isValid method
|
|
6
|
+
|
|
3
7
|
## 5.1.2
|
|
4
8
|
|
|
5
|
-
- [CHANGED] Add types/node-fetch to dependencies.
|
|
9
|
+
- [CHANGED] Add types/node-fetch to dependencies.
|
|
10
|
+
|
|
6
11
|
## 5.1.1-beta (2022-06-01)
|
|
7
12
|
|
|
8
13
|
[FIXED] Updated typescript types with new user features.
|
|
@@ -90,7 +95,7 @@ const pusher = new Pusher.forURL(process.env.PUSHER_URL, {
|
|
|
90
95
|
|
|
91
96
|
## 2.2.1 (2019-07-03)
|
|
92
97
|
|
|
93
|
-
no-op release to fix the description on https://www.npmjs.com/package/pusher
|
|
98
|
+
no-op release to fix the description on <https://www.npmjs.com/package/pusher>
|
|
94
99
|
|
|
95
100
|
## 2.2.0 (2018-11-26)
|
|
96
101
|
|
package/lib/token.js
CHANGED
|
@@ -7,31 +7,31 @@ const util = require("./util")
|
|
|
7
7
|
* @param {String} key app key
|
|
8
8
|
* @param {String} secret app secret
|
|
9
9
|
*/
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
/** Signs the string using the secret.
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
}
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
10
|
+
class Token {
|
|
11
|
+
constructor(key, secret) {
|
|
12
|
+
this.key = key
|
|
13
|
+
this.secret = secret
|
|
14
|
+
}
|
|
15
|
+
/** Signs the string using the secret.
|
|
16
|
+
*
|
|
17
|
+
* @param {String} string
|
|
18
|
+
* @returns {String}
|
|
19
|
+
*/
|
|
20
|
+
sign(string) {
|
|
21
|
+
return crypto
|
|
22
|
+
.createHmac("sha256", this.secret)
|
|
23
|
+
.update(Buffer.from(string))
|
|
24
|
+
.digest("hex")
|
|
25
|
+
}
|
|
26
|
+
/** Checks if the string has correct signature.
|
|
27
|
+
*
|
|
28
|
+
* @param {String} string
|
|
29
|
+
* @param {String} signature
|
|
30
|
+
* @returns {Boolean}
|
|
31
|
+
*/
|
|
32
|
+
verify(string, signature) {
|
|
33
|
+
return util.secureCompare(this.sign(string), signature)
|
|
34
|
+
}
|
|
35
35
|
}
|
|
36
36
|
|
|
37
37
|
module.exports = Token
|
package/lib/webhook.js
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
const errors = require("./errors")
|
|
2
|
+
const Token = require("./token")
|
|
2
3
|
|
|
3
4
|
/** Provides validation and access methods for a WebHook.
|
|
4
5
|
*
|
|
@@ -46,7 +47,10 @@ WebHook.prototype.isValid = function (extraTokens) {
|
|
|
46
47
|
|
|
47
48
|
const tokens = [this.token].concat(extraTokens)
|
|
48
49
|
for (const i in tokens) {
|
|
49
|
-
|
|
50
|
+
let token = tokens[i]
|
|
51
|
+
if (token instanceof Token === false) {
|
|
52
|
+
token = new Token(token.key, token.secret)
|
|
53
|
+
}
|
|
50
54
|
if (this.key == token.key && token.verify(this.body, this.signature)) {
|
|
51
55
|
return true
|
|
52
56
|
}
|