stream-chat 9.43.1 → 9.44.0

package/README.md

@@ -151,7 +151,7 @@ yarn start
 
 ## 📚 More Code Examples
 
-Read up more on [Logging](./docs/logging.md) and [User Token](./docs/userToken.md) or visit our [documentation](https://getstream.io/chat/docs/) for more examples.
+Read up more on [Logging](./docs/logging.md), [User Token](./docs/userToken.md), and [Webhooks](./docs/webhooks.md) (including compressed payloads and SQS / SNS delivery) or visit our [documentation](https://getstream.io/chat/docs/) for more examples.
 
 ## ✍️ Contributing
 

package/dist/cjs/index.browser.js

@@ -48,6 +48,12 @@ var require_crypto = __commonJS({
   }
 });
 
+// (disabled):zlib
+var require_zlib = __commonJS({
+  "(disabled):zlib"() {
+  }
+});
+
 // src/index.ts
 var index_exports = {};
 __export(index_exports, {
@@ -92,6 +98,8 @@ __export(index_exports, {
   FilterBuilder: () => FilterBuilder,
   FixedSizeQueueCache: () => FixedSizeQueueCache,
   InsightMetrics: () => InsightMetrics,
+  InvalidWebhookError: () => InvalidWebhookError,
+  InvalidWebhookErrorMessages: () => InvalidWebhookErrorMessages,
   JWTServerToken: () => JWTServerToken,
   JWTUserToken: () => JWTUserToken,
   LinkPreviewStatus: () => LinkPreviewStatus,
@@ -178,18 +186,24 @@ __export(index_exports, {
   createUploadConfigCheckMiddleware: () => createUploadConfigCheckMiddleware,
   createUploadErrorHandlerMiddleware: () => createUploadErrorHandlerMiddleware,
   decodeBase64: () => decodeBase64,
+  decodeSnsPayload: () => decodeSnsPayload,
+  decodeSqsPayload: () => decodeSqsPayload,
   defaultPollFieldBlurEventValidators: () => defaultPollFieldBlurEventValidators,
   defaultPollFieldChangeEventValidators: () => defaultPollFieldChangeEventValidators,
   encodeBase64: () => encodeBase64,
   ensureIsLocalAttachment: () => ensureIsLocalAttachment,
+  escapeCommandRegExp: () => escapeCommandRegExp,
   extractPollData: () => extractPollData,
   extractPollEnrichedData: () => extractPollEnrichedData,
   formatMessage: () => formatMessage,
   generateFileName: () => generateFileName,
   getAttachmentTypeFromMimeType: () => getAttachmentTypeFromMimeType,
+  getCompleteCommandInString: () => getCompleteCommandInString,
   getExtensionFromMimeType: () => getExtensionFromMimeType,
+  getRawCommandName: () => getRawCommandName,
   getTokenizedSuggestionDisplayName: () => getTokenizedSuggestionDisplayName,
   getTriggerCharWithToken: () => getTriggerCharWithToken,
+  gunzipPayload: () => gunzipPayload,
   insertItemWithTrigger: () => insertItemWithTrigger,
   isAudioAttachment: () => isAudioAttachment,
   isBlobButNotFile: () => isBlobButNotFile,
@@ -219,6 +233,10 @@ __export(index_exports, {
   localMessageToNewMessagePayload: () => localMessageToNewMessagePayload,
   logChatPromiseExecution: () => logChatPromiseExecution,
   mapPollStateToResponse: () => mapPollStateToResponse,
+  notifyCommandDisabled: () => notifyCommandDisabled,
+  parseEvent: () => parseEvent,
+  parseSns: () => parseSns,
+  parseSqs: () => parseSqs,
   pollCompositionStateProcessors: () => pollCompositionStateProcessors,
   pollStateChangeValidators: () => pollStateChangeValidators,
   postInsights: () => postInsights,
@@ -226,8 +244,11 @@ __export(index_exports, {
   readFileAsArrayBuffer: () => readFileAsArrayBuffer,
   removeDiacritics: () => removeDiacritics,
   replaceWordWithEntity: () => replaceWordWithEntity,
+  stripCommandFromText: () => stripCommandFromText,
   textIsEmpty: () => textIsEmpty,
-  timeLeftMs: () => timeLeftMs
+  timeLeftMs: () => timeLeftMs,
+  verifyAndParseWebhook: () => verifyAndParseWebhook,
+  verifySignature: () => verifySignature
 });
 module.exports = __toCommonJS(index_exports);
 
@@ -839,7 +860,7 @@ var deleteUserMessages = ({
     if (message.user?.id === user.id) {
       messages[i] = message.type === "deleted" ? message : toDeletedMessage({ message, hardDelete, deletedAt });
     }
-    if (message.quoted_message?.user?.id === user.id) {
+    if (messages[i].quoted_message && message.quoted_message?.user?.id === user.id) {
       messages[i].quoted_message = message.quoted_message.type === "deleted" ? message.quoted_message : toDeletedMessage({
         message: messages[i].quoted_message,
         hardDelete,
@@ -7439,6 +7460,7 @@ var _MessageComposer = class _MessageComposer extends WithSubscriptions {
       const draft = event.draft;
       if (!draft || (draft.parent_id ?? null) !== (this.threadId ?? null) || draft.channel_cid !== this.channel.cid)
         return;
+      if (this.editedMessage) return;
       this.initState({ composition: draft });
     }).unsubscribe;
     this.subscribeDraftDeleted = () => this.client.on("draft.deleted", (event) => {
@@ -7446,6 +7468,7 @@ var _MessageComposer = class _MessageComposer extends WithSubscriptions {
       if (!draft || (draft.parent_id ?? null) !== (this.threadId ?? null) || draft.channel_cid !== this.channel.cid) {
         return;
       }
+      if (this.editedMessage) return;
       this.logDraftUpdateTimestamp();
       if (this.compositionIsEmpty) {
         return;
@@ -9489,7 +9512,7 @@ var Channel = class {
     if (Array.isArray(this.data?.own_capabilities) && !this.data?.own_capabilities.includes("read-events")) {
       return false;
     }
-    if (this.muteStatus().muted) return false;
+    if (this.getClient()._muteStatus(this.cid).muted) return false;
     return true;
   }
   /**
@@ -11000,6 +11023,7 @@ var UploadManager = class {
 // src/signing.ts
 var import_jsonwebtoken = __toESM(require_jsonwebtoken());
 var import_crypto = __toESM(require_crypto());
+var import_zlib = __toESM(require_zlib());
 function JWTUserToken(apiSecret, userId, extraData = {}, jwtOptions = {}) {
   if (typeof userId !== "string") {
     throw new TypeError("userId should be a string");
@@ -11051,7 +11075,7 @@ function DevToken(userId) {
     // hardcoded signature
   ].join(".");
 }
-function CheckSignature(body, secret, signature) {
+function verifySignature(body, signature, secret) {
   const key = Buffer.from(secret, "utf8");
   const hash = import_crypto.default.createHmac("sha256", key).update(body).digest("hex");
   try {
@@ -11060,6 +11084,86 @@ function CheckSignature(body, secret, signature) {
     return false;
   }
 }
+function CheckSignature(body, secret, signature) {
+  return verifySignature(body, signature, secret);
+}
+var InvalidWebhookErrorMessages = {
+  signatureMismatch: "signature mismatch",
+  invalidBase64: "invalid base64 encoding",
+  gzipFailed: "gzip decompression failed",
+  invalidJson: "invalid JSON payload"
+};
+var InvalidWebhookError = class extends Error {
+  constructor(message = InvalidWebhookErrorMessages.signatureMismatch) {
+    super(message);
+    this.name = "InvalidWebhookError";
+  }
+};
+function gunzipPayload(rawBody) {
+  const GZIP_MAGIC = Buffer.from([31, 139]);
+  const body = Buffer.isBuffer(rawBody) ? rawBody : Buffer.from(rawBody);
+  if (body.length >= 2 && body.subarray(0, 2).equals(GZIP_MAGIC)) {
+    try {
+      return import_zlib.default.gunzipSync(body);
+    } catch {
+      throw new InvalidWebhookError(InvalidWebhookErrorMessages.gzipFailed);
+    }
+  }
+  return body;
+}
+function decodeSqsPayload(body) {
+  if (!/^[A-Za-z0-9+/]*={0,2}$/.test(body) || body.length % 4 !== 0) {
+    throw new InvalidWebhookError(InvalidWebhookErrorMessages.invalidBase64);
+  }
+  const decoded = Buffer.from(body, "base64");
+  if (decoded.toString("base64").length !== body.length) {
+    throw new InvalidWebhookError(InvalidWebhookErrorMessages.invalidBase64);
+  }
+  return gunzipPayload(decoded);
+}
+function decodeSnsPayload(notificationBody) {
+  const inner = extractSnsMessage(notificationBody);
+  return decodeSqsPayload(inner ?? notificationBody);
+}
+function extractSnsMessage(notificationBody) {
+  const trimmed = notificationBody.replace(/^[\s\uFEFF]+/, "");
+  if (!trimmed.startsWith("{")) {
+    return null;
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(trimmed);
+  } catch {
+    return null;
+  }
+  if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed) || typeof parsed.Message !== "string") {
+    return null;
+  }
+  return parsed.Message;
+}
+function parseEvent(payload) {
+  const text = Buffer.isBuffer(payload) ? payload.toString("utf8") : payload;
+  try {
+    return JSON.parse(text);
+  } catch {
+    throw new InvalidWebhookError(InvalidWebhookErrorMessages.invalidJson);
+  }
+}
+function verifyAndParse(payload, signature, secret) {
+  if (!verifySignature(payload, signature, secret)) {
+    throw new InvalidWebhookError(InvalidWebhookErrorMessages.signatureMismatch);
+  }
+  return parseEvent(payload);
+}
+function verifyAndParseWebhook(rawBody, signature, secret) {
+  return verifyAndParse(gunzipPayload(rawBody), signature, secret);
+}
+function parseSqs(messageBody) {
+  return parseEvent(decodeSqsPayload(messageBody));
+}
+function parseSns(notificationBody) {
+  return parseEvent(decodeSnsPayload(notificationBody));
+}
 
 // src/token_manager.ts
 var TokenManager = class {
@@ -14490,15 +14594,17 @@ var StreamChat = class _StreamChat {
       defaultOptions.watch = false;
     }
     const { predefined_filter, filter_values, sort_values, ...restOptions } = options;
+    const normalizedSort = normalizeQuerySort(sort);
     const payload = predefined_filter ? {
       predefined_filter,
       filter_values,
       sort_values,
+      sort: normalizedSort,
       ...defaultOptions,
       ...restOptions
     } : {
       filter_conditions: filterConditions,
-      sort: normalizeQuerySort(sort),
+      sort: normalizedSort,
       ...defaultOptions,
       ...restOptions
     };
@@ -15661,7 +15767,7 @@ var StreamChat = class _StreamChat {
     if (this.userAgent) {
       return this.userAgent;
     }
-    const version = "9.43.1";
+    const version = "9.44.0";
     const clientBundle = "browser-cjs";
     let userAgentString = "";
     if (this.sdkIdentifier) {
@@ -15754,7 +15860,50 @@ var StreamChat = class _StreamChat {
    * @returns {boolean}
    */
   verifyWebhook(requestBody, xSignature) {
-    return !!this.secret && CheckSignature(requestBody, this.secret, xSignature);
+    return !!this.secret && verifySignature(requestBody, xSignature, this.secret);
+  }
+  /**
+   * Verify and parse an HTTP webhook event.
+   *
+   * Decompresses `rawBody` when gzipped (detected from the body bytes),
+   * verifies the `X-Signature` header against the app's API secret, and
+   * returns the parsed `Event`. Works whether or not Stream is currently
+   * compressing payloads for this app, and stays correct behind
+   * middleware that auto-decompresses the request.
+   *
+   * @param rawBody Raw HTTP request body bytes Stream signed
+   * @param signature Value of the `X-Signature` header
+   * @throws {InvalidWebhookError} When the signature does not match or
+   *   the gzip envelope is malformed.
+   */
+  verifyAndParseWebhook(rawBody, signature) {
+    if (!this.secret) {
+      throw new InvalidWebhookError(
+        "cannot verify webhook signature without an API secret on the client"
+      );
+    }
+    return verifyAndParseWebhook(rawBody, signature, this.secret);
+  }
+  /**
+   * Parse an SQS firehose event: decodes the message `Body` (base64 +
+   * optional gzip) and returns the parsed `Event`. No HMAC verification
+   * (Stream does not sign SQS bodies).
+   *
+   * @param messageBody SQS message `Body` string
+   * @throws {InvalidWebhookError} When the base64 / gzip envelope is malformed.
+   */
+  parseSqs(messageBody) {
+    return parseSqs(messageBody);
+  }
+  /**
+   * Parse an SNS-delivered event (unwraps envelope JSON when needed, then
+   * same decode path as SQS). No HMAC verification.
+   *
+   * @param notificationBody Raw SNS POST body or pre-extracted `Message` string
+   * @throws {InvalidWebhookError} When the envelope cannot be decoded.
+   */
+  parseSns(notificationBody) {
+    return parseSns(notificationBody);
   }
   /** getPermission - gets the definition for a permission
    *