stream-chat 9.43.2 → 9.44.0

package/dist/cjs/index.node.js

@@ -71,6 +71,8 @@ __export(index_exports, {
   FilterBuilder: () => FilterBuilder,
   FixedSizeQueueCache: () => FixedSizeQueueCache,
   InsightMetrics: () => InsightMetrics,
+  InvalidWebhookError: () => InvalidWebhookError,
+  InvalidWebhookErrorMessages: () => InvalidWebhookErrorMessages,
   JWTServerToken: () => JWTServerToken,
   JWTUserToken: () => JWTUserToken,
   LinkPreviewStatus: () => LinkPreviewStatus,
@@ -157,6 +159,8 @@ __export(index_exports, {
   createUploadConfigCheckMiddleware: () => createUploadConfigCheckMiddleware,
   createUploadErrorHandlerMiddleware: () => createUploadErrorHandlerMiddleware,
   decodeBase64: () => decodeBase64,
+  decodeSnsPayload: () => decodeSnsPayload,
+  decodeSqsPayload: () => decodeSqsPayload,
   defaultPollFieldBlurEventValidators: () => defaultPollFieldBlurEventValidators,
   defaultPollFieldChangeEventValidators: () => defaultPollFieldChangeEventValidators,
   encodeBase64: () => encodeBase64,
@@ -172,6 +176,7 @@ __export(index_exports, {
   getRawCommandName: () => getRawCommandName,
   getTokenizedSuggestionDisplayName: () => getTokenizedSuggestionDisplayName,
   getTriggerCharWithToken: () => getTriggerCharWithToken,
+  gunzipPayload: () => gunzipPayload,
   insertItemWithTrigger: () => insertItemWithTrigger,
   isAudioAttachment: () => isAudioAttachment,
   isBlobButNotFile: () => isBlobButNotFile,
@@ -202,6 +207,9 @@ __export(index_exports, {
   logChatPromiseExecution: () => logChatPromiseExecution,
   mapPollStateToResponse: () => mapPollStateToResponse,
   notifyCommandDisabled: () => notifyCommandDisabled,
+  parseEvent: () => parseEvent,
+  parseSns: () => parseSns,
+  parseSqs: () => parseSqs,
   pollCompositionStateProcessors: () => pollCompositionStateProcessors,
   pollStateChangeValidators: () => pollStateChangeValidators,
   postInsights: () => postInsights,
@@ -211,7 +219,9 @@ __export(index_exports, {
   replaceWordWithEntity: () => replaceWordWithEntity,
   stripCommandFromText: () => stripCommandFromText,
   textIsEmpty: () => textIsEmpty,
-  timeLeftMs: () => timeLeftMs
+  timeLeftMs: () => timeLeftMs,
+  verifyAndParseWebhook: () => verifyAndParseWebhook,
+  verifySignature: () => verifySignature
 });
 module.exports = __toCommonJS(index_exports);
 
@@ -823,7 +833,7 @@ var deleteUserMessages = ({
     if (message.user?.id === user.id) {
       messages[i] = message.type === "deleted" ? message : toDeletedMessage({ message, hardDelete, deletedAt });
     }
-    if (message.quoted_message?.user?.id === user.id) {
+    if (messages[i].quoted_message && message.quoted_message?.user?.id === user.id) {
       messages[i].quoted_message = message.quoted_message.type === "deleted" ? message.quoted_message : toDeletedMessage({
         message: messages[i].quoted_message,
         hardDelete,
@@ -7423,6 +7433,7 @@ var _MessageComposer = class _MessageComposer extends WithSubscriptions {
       const draft = event.draft;
       if (!draft || (draft.parent_id ?? null) !== (this.threadId ?? null) || draft.channel_cid !== this.channel.cid)
         return;
+      if (this.editedMessage) return;
       this.initState({ composition: draft });
     }).unsubscribe;
     this.subscribeDraftDeleted = () => this.client.on("draft.deleted", (event) => {
@@ -7430,6 +7441,7 @@ var _MessageComposer = class _MessageComposer extends WithSubscriptions {
       if (!draft || (draft.parent_id ?? null) !== (this.threadId ?? null) || draft.channel_cid !== this.channel.cid) {
         return;
       }
+      if (this.editedMessage) return;
       this.logDraftUpdateTimestamp();
       if (this.compositionIsEmpty) {
         return;
@@ -9473,7 +9485,7 @@ var Channel = class {
     if (Array.isArray(this.data?.own_capabilities) && !this.data?.own_capabilities.includes("read-events")) {
       return false;
     }
-    if (this.muteStatus().muted) return false;
+    if (this.getClient()._muteStatus(this.cid).muted) return false;
     return true;
   }
   /**
@@ -10984,6 +10996,7 @@ var UploadManager = class {
 // src/signing.ts
 var import_jsonwebtoken = __toESM(require("jsonwebtoken"));
 var import_crypto = __toESM(require("crypto"));
+var import_zlib = __toESM(require("zlib"));
 function JWTUserToken(apiSecret, userId, extraData = {}, jwtOptions = {}) {
   if (typeof userId !== "string") {
     throw new TypeError("userId should be a string");
@@ -11035,7 +11048,7 @@ function DevToken(userId) {
     // hardcoded signature
   ].join(".");
 }
-function CheckSignature(body, secret, signature) {
+function verifySignature(body, signature, secret) {
   const key = Buffer.from(secret, "utf8");
   const hash = import_crypto.default.createHmac("sha256", key).update(body).digest("hex");
   try {
@@ -11044,6 +11057,86 @@ function CheckSignature(body, secret, signature) {
     return false;
   }
 }
+function CheckSignature(body, secret, signature) {
+  return verifySignature(body, signature, secret);
+}
+var InvalidWebhookErrorMessages = {
+  signatureMismatch: "signature mismatch",
+  invalidBase64: "invalid base64 encoding",
+  gzipFailed: "gzip decompression failed",
+  invalidJson: "invalid JSON payload"
+};
+var InvalidWebhookError = class extends Error {
+  constructor(message = InvalidWebhookErrorMessages.signatureMismatch) {
+    super(message);
+    this.name = "InvalidWebhookError";
+  }
+};
+function gunzipPayload(rawBody) {
+  const GZIP_MAGIC = Buffer.from([31, 139]);
+  const body = Buffer.isBuffer(rawBody) ? rawBody : Buffer.from(rawBody);
+  if (body.length >= 2 && body.subarray(0, 2).equals(GZIP_MAGIC)) {
+    try {
+      return import_zlib.default.gunzipSync(body);
+    } catch {
+      throw new InvalidWebhookError(InvalidWebhookErrorMessages.gzipFailed);
+    }
+  }
+  return body;
+}
+function decodeSqsPayload(body) {
+  if (!/^[A-Za-z0-9+/]*={0,2}$/.test(body) || body.length % 4 !== 0) {
+    throw new InvalidWebhookError(InvalidWebhookErrorMessages.invalidBase64);
+  }
+  const decoded = Buffer.from(body, "base64");
+  if (decoded.toString("base64").length !== body.length) {
+    throw new InvalidWebhookError(InvalidWebhookErrorMessages.invalidBase64);
+  }
+  return gunzipPayload(decoded);
+}
+function decodeSnsPayload(notificationBody) {
+  const inner = extractSnsMessage(notificationBody);
+  return decodeSqsPayload(inner ?? notificationBody);
+}
+function extractSnsMessage(notificationBody) {
+  const trimmed = notificationBody.replace(/^[\s\uFEFF]+/, "");
+  if (!trimmed.startsWith("{")) {
+    return null;
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(trimmed);
+  } catch {
+    return null;
+  }
+  if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed) || typeof parsed.Message !== "string") {
+    return null;
+  }
+  return parsed.Message;
+}
+function parseEvent(payload) {
+  const text = Buffer.isBuffer(payload) ? payload.toString("utf8") : payload;
+  try {
+    return JSON.parse(text);
+  } catch {
+    throw new InvalidWebhookError(InvalidWebhookErrorMessages.invalidJson);
+  }
+}
+function verifyAndParse(payload, signature, secret) {
+  if (!verifySignature(payload, signature, secret)) {
+    throw new InvalidWebhookError(InvalidWebhookErrorMessages.signatureMismatch);
+  }
+  return parseEvent(payload);
+}
+function verifyAndParseWebhook(rawBody, signature, secret) {
+  return verifyAndParse(gunzipPayload(rawBody), signature, secret);
+}
+function parseSqs(messageBody) {
+  return parseEvent(decodeSqsPayload(messageBody));
+}
+function parseSns(notificationBody) {
+  return parseEvent(decodeSnsPayload(notificationBody));
+}
 
 // src/token_manager.ts
 var TokenManager = class {
@@ -15647,7 +15740,7 @@ var StreamChat = class _StreamChat {
     if (this.userAgent) {
       return this.userAgent;
     }
-    const version = "9.43.2";
+    const version = "9.44.0";
     const clientBundle = "node-cjs";
     let userAgentString = "";
     if (this.sdkIdentifier) {
@@ -15740,7 +15833,50 @@ var StreamChat = class _StreamChat {
    * @returns {boolean}
    */
   verifyWebhook(requestBody, xSignature) {
-    return !!this.secret && CheckSignature(requestBody, this.secret, xSignature);
+    return !!this.secret && verifySignature(requestBody, xSignature, this.secret);
+  }
+  /**
+   * Verify and parse an HTTP webhook event.
+   *
+   * Decompresses `rawBody` when gzipped (detected from the body bytes),
+   * verifies the `X-Signature` header against the app's API secret, and
+   * returns the parsed `Event`. Works whether or not Stream is currently
+   * compressing payloads for this app, and stays correct behind
+   * middleware that auto-decompresses the request.
+   *
+   * @param rawBody Raw HTTP request body bytes Stream signed
+   * @param signature Value of the `X-Signature` header
+   * @throws {InvalidWebhookError} When the signature does not match or
+   *   the gzip envelope is malformed.
+   */
+  verifyAndParseWebhook(rawBody, signature) {
+    if (!this.secret) {
+      throw new InvalidWebhookError(
+        "cannot verify webhook signature without an API secret on the client"
+      );
+    }
+    return verifyAndParseWebhook(rawBody, signature, this.secret);
+  }
+  /**
+   * Parse an SQS firehose event: decodes the message `Body` (base64 +
+   * optional gzip) and returns the parsed `Event`. No HMAC verification
+   * (Stream does not sign SQS bodies).
+   *
+   * @param messageBody SQS message `Body` string
+   * @throws {InvalidWebhookError} When the base64 / gzip envelope is malformed.
+   */
+  parseSqs(messageBody) {
+    return parseSqs(messageBody);
+  }
+  /**
+   * Parse an SNS-delivered event (unwraps envelope JSON when needed, then
+   * same decode path as SQS). No HMAC verification.
+   *
+   * @param notificationBody Raw SNS POST body or pre-extracted `Message` string
+   * @throws {InvalidWebhookError} When the envelope cannot be decoded.
+   */
+  parseSns(notificationBody) {
+    return parseSns(notificationBody);
   }
   /** getPermission - gets the definition for a permission
    *
@@ -18291,6 +18427,8 @@ var FixedSizeQueueCache = class {
   FilterBuilder,
   FixedSizeQueueCache,
   InsightMetrics,
+  InvalidWebhookError,
+  InvalidWebhookErrorMessages,
   JWTServerToken,
   JWTUserToken,
   LinkPreviewStatus,
@@ -18377,6 +18515,8 @@ var FixedSizeQueueCache = class {
   createUploadConfigCheckMiddleware,
   createUploadErrorHandlerMiddleware,
   decodeBase64,
+  decodeSnsPayload,
+  decodeSqsPayload,
   defaultPollFieldBlurEventValidators,
   defaultPollFieldChangeEventValidators,
   encodeBase64,
@@ -18392,6 +18532,7 @@ var FixedSizeQueueCache = class {
   getRawCommandName,
   getTokenizedSuggestionDisplayName,
   getTriggerCharWithToken,
+  gunzipPayload,
   insertItemWithTrigger,
   isAudioAttachment,
   isBlobButNotFile,
@@ -18422,6 +18563,9 @@ var FixedSizeQueueCache = class {
   logChatPromiseExecution,
   mapPollStateToResponse,
   notifyCommandDisabled,
+  parseEvent,
+  parseSns,
+  parseSqs,
   pollCompositionStateProcessors,
   pollStateChangeValidators,
   postInsights,
@@ -18431,6 +18575,8 @@ var FixedSizeQueueCache = class {
   replaceWordWithEntity,
   stripCommandFromText,
   textIsEmpty,
-  timeLeftMs
+  timeLeftMs,
+  verifyAndParseWebhook,
+  verifySignature
 });
 //# sourceMappingURL=index.node.js.map