npm - stream-chat - Versions diffs - 9.43.2 → 9.44.0 - Mend

stream-chat 9.43.2 → 9.44.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/README.md +1 -1
package/dist/cjs/index.browser.js +148 -6
package/dist/cjs/index.browser.js.map +3 -3
package/dist/cjs/index.node.js +153 -7
package/dist/cjs/index.node.js.map +3 -3
package/dist/esm/index.mjs +148 -6
package/dist/esm/index.mjs.map +3 -3
package/dist/types/client.d.ts +32 -0
package/dist/types/signing.d.ts +99 -5
package/package.json +2 -1
package/src/channel.ts +3 -1
package/src/client.ts +56 -2
package/src/messageComposer/messageComposer.ts +2 -0
package/src/signing.ts +195 -7
package/src/utils.ts +1 -1

package/README.md CHANGED Viewed

@@ -151,7 +151,7 @@ yarn start
 ## 📚 More Code Examples
-Read up more on [Logging](./docs/logging.md) and [User Token](./docs/userToken.md) or visit our [documentation](https://getstream.io/chat/docs/) for more examples.
+Read up more on [Logging](./docs/logging.md), [User Token](./docs/userToken.md), and [Webhooks](./docs/webhooks.md) (including compressed payloads and SQS / SNS delivery) or visit our [documentation](https://getstream.io/chat/docs/) for more examples.
 ## ✍️ Contributing

package/dist/cjs/index.browser.js CHANGED Viewed

@@ -48,6 +48,12 @@ var require_crypto = __commonJS({
   }
 });
+// (disabled):zlib
+var require_zlib = __commonJS({
+  "(disabled):zlib"() {
+  }
+});
 // src/index.ts
 var index_exports = {};
 __export(index_exports, {
@@ -92,6 +98,8 @@ __export(index_exports, {
   FilterBuilder: () => FilterBuilder,
   FixedSizeQueueCache: () => FixedSizeQueueCache,
   InsightMetrics: () => InsightMetrics,
+  InvalidWebhookError: () => InvalidWebhookError,
+  InvalidWebhookErrorMessages: () => InvalidWebhookErrorMessages,
   JWTServerToken: () => JWTServerToken,
   JWTUserToken: () => JWTUserToken,
   LinkPreviewStatus: () => LinkPreviewStatus,
@@ -178,6 +186,8 @@ __export(index_exports, {
   createUploadConfigCheckMiddleware: () => createUploadConfigCheckMiddleware,
   createUploadErrorHandlerMiddleware: () => createUploadErrorHandlerMiddleware,
   decodeBase64: () => decodeBase64,
+  decodeSnsPayload: () => decodeSnsPayload,
+  decodeSqsPayload: () => decodeSqsPayload,
   defaultPollFieldBlurEventValidators: () => defaultPollFieldBlurEventValidators,
   defaultPollFieldChangeEventValidators: () => defaultPollFieldChangeEventValidators,
   encodeBase64: () => encodeBase64,
@@ -193,6 +203,7 @@ __export(index_exports, {
   getRawCommandName: () => getRawCommandName,
   getTokenizedSuggestionDisplayName: () => getTokenizedSuggestionDisplayName,
   getTriggerCharWithToken: () => getTriggerCharWithToken,
+  gunzipPayload: () => gunzipPayload,
   insertItemWithTrigger: () => insertItemWithTrigger,
   isAudioAttachment: () => isAudioAttachment,
   isBlobButNotFile: () => isBlobButNotFile,
@@ -223,6 +234,9 @@ __export(index_exports, {
   logChatPromiseExecution: () => logChatPromiseExecution,
   mapPollStateToResponse: () => mapPollStateToResponse,
   notifyCommandDisabled: () => notifyCommandDisabled,
+  parseEvent: () => parseEvent,
+  parseSns: () => parseSns,
+  parseSqs: () => parseSqs,
   pollCompositionStateProcessors: () => pollCompositionStateProcessors,
   pollStateChangeValidators: () => pollStateChangeValidators,
   postInsights: () => postInsights,
@@ -232,7 +246,9 @@ __export(index_exports, {
   replaceWordWithEntity: () => replaceWordWithEntity,
   stripCommandFromText: () => stripCommandFromText,
   textIsEmpty: () => textIsEmpty,
-  timeLeftMs: () => timeLeftMs
+  timeLeftMs: () => timeLeftMs,
+  verifyAndParseWebhook: () => verifyAndParseWebhook,
+  verifySignature: () => verifySignature
 });
 module.exports = __toCommonJS(index_exports);
@@ -844,7 +860,7 @@ var deleteUserMessages = ({
     if (message.user?.id === user.id) {
       messages[i] = message.type === "deleted" ? message : toDeletedMessage({ message, hardDelete, deletedAt });
     }
-    if (message.quoted_message?.user?.id === user.id) {
+    if (messages[i].quoted_message && message.quoted_message?.user?.id === user.id) {
       messages[i].quoted_message = message.quoted_message.type === "deleted" ? message.quoted_message : toDeletedMessage({
         message: messages[i].quoted_message,
         hardDelete,
@@ -7444,6 +7460,7 @@ var _MessageComposer = class _MessageComposer extends WithSubscriptions {
       const draft = event.draft;
       if (!draft || (draft.parent_id ?? null) !== (this.threadId ?? null) || draft.channel_cid !== this.channel.cid)
         return;
+      if (this.editedMessage) return;
       this.initState({ composition: draft });
     }).unsubscribe;
     this.subscribeDraftDeleted = () => this.client.on("draft.deleted", (event) => {
@@ -7451,6 +7468,7 @@ var _MessageComposer = class _MessageComposer extends WithSubscriptions {
       if (!draft || (draft.parent_id ?? null) !== (this.threadId ?? null) || draft.channel_cid !== this.channel.cid) {
         return;
       }
+      if (this.editedMessage) return;
       this.logDraftUpdateTimestamp();
       if (this.compositionIsEmpty) {
         return;
@@ -9494,7 +9512,7 @@ var Channel = class {
     if (Array.isArray(this.data?.own_capabilities) && !this.data?.own_capabilities.includes("read-events")) {
       return false;
     }
-    if (this.muteStatus().muted) return false;
+    if (this.getClient()._muteStatus(this.cid).muted) return false;
     return true;
   }
   /**
@@ -11005,6 +11023,7 @@ var UploadManager = class {
 // src/signing.ts
 var import_jsonwebtoken = __toESM(require_jsonwebtoken());
 var import_crypto = __toESM(require_crypto());
+var import_zlib = __toESM(require_zlib());
 function JWTUserToken(apiSecret, userId, extraData = {}, jwtOptions = {}) {
   if (typeof userId !== "string") {
     throw new TypeError("userId should be a string");
@@ -11056,7 +11075,7 @@ function DevToken(userId) {
     // hardcoded signature
   ].join(".");
 }
-function CheckSignature(body, secret, signature) {
+function verifySignature(body, signature, secret) {
   const key = Buffer.from(secret, "utf8");
   const hash = import_crypto.default.createHmac("sha256", key).update(body).digest("hex");
   try {
@@ -11065,6 +11084,86 @@ function CheckSignature(body, secret, signature) {
     return false;
   }
 }
+function CheckSignature(body, secret, signature) {
+  return verifySignature(body, signature, secret);
+}
+var InvalidWebhookErrorMessages = {
+  signatureMismatch: "signature mismatch",
+  invalidBase64: "invalid base64 encoding",
+  gzipFailed: "gzip decompression failed",
+  invalidJson: "invalid JSON payload"
+};
+var InvalidWebhookError = class extends Error {
+  constructor(message = InvalidWebhookErrorMessages.signatureMismatch) {
+    super(message);
+    this.name = "InvalidWebhookError";
+  }
+};
+function gunzipPayload(rawBody) {
+  const GZIP_MAGIC = Buffer.from([31, 139]);
+  const body = Buffer.isBuffer(rawBody) ? rawBody : Buffer.from(rawBody);
+  if (body.length >= 2 && body.subarray(0, 2).equals(GZIP_MAGIC)) {
+    try {
+      return import_zlib.default.gunzipSync(body);
+    } catch {
+      throw new InvalidWebhookError(InvalidWebhookErrorMessages.gzipFailed);
+    }
+  }
+  return body;
+}
+function decodeSqsPayload(body) {
+  if (!/^[A-Za-z0-9+/]*={0,2}$/.test(body) || body.length % 4 !== 0) {
+    throw new InvalidWebhookError(InvalidWebhookErrorMessages.invalidBase64);
+  }
+  const decoded = Buffer.from(body, "base64");
+  if (decoded.toString("base64").length !== body.length) {
+    throw new InvalidWebhookError(InvalidWebhookErrorMessages.invalidBase64);
+  }
+  return gunzipPayload(decoded);
+}
+function decodeSnsPayload(notificationBody) {
+  const inner = extractSnsMessage(notificationBody);
+  return decodeSqsPayload(inner ?? notificationBody);
+}
+function extractSnsMessage(notificationBody) {
+  const trimmed = notificationBody.replace(/^[\s\uFEFF]+/, "");
+  if (!trimmed.startsWith("{")) {
+    return null;
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(trimmed);
+  } catch {
+    return null;
+  }
+  if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed) || typeof parsed.Message !== "string") {
+    return null;
+  }
+  return parsed.Message;
+}
+function parseEvent(payload) {
+  const text = Buffer.isBuffer(payload) ? payload.toString("utf8") : payload;
+  try {
+    return JSON.parse(text);
+  } catch {
+    throw new InvalidWebhookError(InvalidWebhookErrorMessages.invalidJson);
+  }
+}
+function verifyAndParse(payload, signature, secret) {
+  if (!verifySignature(payload, signature, secret)) {
+    throw new InvalidWebhookError(InvalidWebhookErrorMessages.signatureMismatch);
+  }
+  return parseEvent(payload);
+}
+function verifyAndParseWebhook(rawBody, signature, secret) {
+  return verifyAndParse(gunzipPayload(rawBody), signature, secret);
+}
+function parseSqs(messageBody) {
+  return parseEvent(decodeSqsPayload(messageBody));
+}
+function parseSns(notificationBody) {
+  return parseEvent(decodeSnsPayload(notificationBody));
+}
 // src/token_manager.ts
 var TokenManager = class {
@@ -15668,7 +15767,7 @@ var StreamChat = class _StreamChat {
     if (this.userAgent) {
       return this.userAgent;
     }
-    const version = "9.43.2";
+    const version = "9.44.0";
     const clientBundle = "browser-cjs";
     let userAgentString = "";
     if (this.sdkIdentifier) {
@@ -15761,7 +15860,50 @@ var StreamChat = class _StreamChat {
    * @returns {boolean}
    */
   verifyWebhook(requestBody, xSignature) {
-    return !!this.secret && CheckSignature(requestBody, this.secret, xSignature);
+    return !!this.secret && verifySignature(requestBody, xSignature, this.secret);
+  }
+  /**
+   * Verify and parse an HTTP webhook event.
+   *
+   * Decompresses `rawBody` when gzipped (detected from the body bytes),
+   * verifies the `X-Signature` header against the app's API secret, and
+   * returns the parsed `Event`. Works whether or not Stream is currently
+   * compressing payloads for this app, and stays correct behind
+   * middleware that auto-decompresses the request.
+   *
+   * @param rawBody Raw HTTP request body bytes Stream signed
+   * @param signature Value of the `X-Signature` header
+   * @throws {InvalidWebhookError} When the signature does not match or
+   *   the gzip envelope is malformed.
+   */
+  verifyAndParseWebhook(rawBody, signature) {
+    if (!this.secret) {
+      throw new InvalidWebhookError(
+        "cannot verify webhook signature without an API secret on the client"
+      );
+    }
+    return verifyAndParseWebhook(rawBody, signature, this.secret);
+  }
+  /**
+   * Parse an SQS firehose event: decodes the message `Body` (base64 +
+   * optional gzip) and returns the parsed `Event`. No HMAC verification
+   * (Stream does not sign SQS bodies).
+   *
+   * @param messageBody SQS message `Body` string
+   * @throws {InvalidWebhookError} When the base64 / gzip envelope is malformed.
+   */
+  parseSqs(messageBody) {
+    return parseSqs(messageBody);
+  }
+  /**
+   * Parse an SNS-delivered event (unwraps envelope JSON when needed, then
+   * same decode path as SQS). No HMAC verification.
+   *
+   * @param notificationBody Raw SNS POST body or pre-extracted `Message` string
+   * @throws {InvalidWebhookError} When the envelope cannot be decoded.
+   */
+  parseSns(notificationBody) {
+    return parseSns(notificationBody);
   }
   /** getPermission - gets the definition for a permission
    *