stream-chat 9.43.2 → 9.44.0

package/dist/esm/index.mjs

@@ -42,6 +42,12 @@ var require_crypto = __commonJS({
   }
 });
 
+// (disabled):zlib
+var require_zlib = __commonJS({
+  "(disabled):zlib"() {
+  }
+});
+
 // src/base64.ts
 import { fromByteArray } from "base64-js";
 function isString(arrayOrString) {
@@ -650,7 +656,7 @@ var deleteUserMessages = ({
     if (message.user?.id === user.id) {
       messages[i] = message.type === "deleted" ? message : toDeletedMessage({ message, hardDelete, deletedAt });
     }
-    if (message.quoted_message?.user?.id === user.id) {
+    if (messages[i].quoted_message && message.quoted_message?.user?.id === user.id) {
       messages[i].quoted_message = message.quoted_message.type === "deleted" ? message.quoted_message : toDeletedMessage({
         message: messages[i].quoted_message,
         hardDelete,
@@ -7250,6 +7256,7 @@ var _MessageComposer = class _MessageComposer extends WithSubscriptions {
       const draft = event.draft;
       if (!draft || (draft.parent_id ?? null) !== (this.threadId ?? null) || draft.channel_cid !== this.channel.cid)
         return;
+      if (this.editedMessage) return;
       this.initState({ composition: draft });
     }).unsubscribe;
     this.subscribeDraftDeleted = () => this.client.on("draft.deleted", (event) => {
@@ -7257,6 +7264,7 @@ var _MessageComposer = class _MessageComposer extends WithSubscriptions {
       if (!draft || (draft.parent_id ?? null) !== (this.threadId ?? null) || draft.channel_cid !== this.channel.cid) {
         return;
       }
+      if (this.editedMessage) return;
       this.logDraftUpdateTimestamp();
       if (this.compositionIsEmpty) {
         return;
@@ -9300,7 +9308,7 @@ var Channel = class {
     if (Array.isArray(this.data?.own_capabilities) && !this.data?.own_capabilities.includes("read-events")) {
       return false;
     }
-    if (this.muteStatus().muted) return false;
+    if (this.getClient()._muteStatus(this.cid).muted) return false;
     return true;
   }
   /**
@@ -10811,6 +10819,7 @@ var UploadManager = class {
 // src/signing.ts
 var import_jsonwebtoken = __toESM(require_jsonwebtoken());
 var import_crypto = __toESM(require_crypto());
+var import_zlib = __toESM(require_zlib());
 function JWTUserToken(apiSecret, userId, extraData = {}, jwtOptions = {}) {
   if (typeof userId !== "string") {
     throw new TypeError("userId should be a string");
@@ -10862,7 +10871,7 @@ function DevToken(userId) {
     // hardcoded signature
   ].join(".");
 }
-function CheckSignature(body, secret, signature) {
+function verifySignature(body, signature, secret) {
   const key = Buffer.from(secret, "utf8");
   const hash = import_crypto.default.createHmac("sha256", key).update(body).digest("hex");
   try {
@@ -10871,6 +10880,86 @@ function CheckSignature(body, secret, signature) {
     return false;
   }
 }
+function CheckSignature(body, secret, signature) {
+  return verifySignature(body, signature, secret);
+}
+var InvalidWebhookErrorMessages = {
+  signatureMismatch: "signature mismatch",
+  invalidBase64: "invalid base64 encoding",
+  gzipFailed: "gzip decompression failed",
+  invalidJson: "invalid JSON payload"
+};
+var InvalidWebhookError = class extends Error {
+  constructor(message = InvalidWebhookErrorMessages.signatureMismatch) {
+    super(message);
+    this.name = "InvalidWebhookError";
+  }
+};
+function gunzipPayload(rawBody) {
+  const GZIP_MAGIC = Buffer.from([31, 139]);
+  const body = Buffer.isBuffer(rawBody) ? rawBody : Buffer.from(rawBody);
+  if (body.length >= 2 && body.subarray(0, 2).equals(GZIP_MAGIC)) {
+    try {
+      return import_zlib.default.gunzipSync(body);
+    } catch {
+      throw new InvalidWebhookError(InvalidWebhookErrorMessages.gzipFailed);
+    }
+  }
+  return body;
+}
+function decodeSqsPayload(body) {
+  if (!/^[A-Za-z0-9+/]*={0,2}$/.test(body) || body.length % 4 !== 0) {
+    throw new InvalidWebhookError(InvalidWebhookErrorMessages.invalidBase64);
+  }
+  const decoded = Buffer.from(body, "base64");
+  if (decoded.toString("base64").length !== body.length) {
+    throw new InvalidWebhookError(InvalidWebhookErrorMessages.invalidBase64);
+  }
+  return gunzipPayload(decoded);
+}
+function decodeSnsPayload(notificationBody) {
+  const inner = extractSnsMessage(notificationBody);
+  return decodeSqsPayload(inner ?? notificationBody);
+}
+function extractSnsMessage(notificationBody) {
+  const trimmed = notificationBody.replace(/^[\s\uFEFF]+/, "");
+  if (!trimmed.startsWith("{")) {
+    return null;
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(trimmed);
+  } catch {
+    return null;
+  }
+  if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed) || typeof parsed.Message !== "string") {
+    return null;
+  }
+  return parsed.Message;
+}
+function parseEvent(payload) {
+  const text = Buffer.isBuffer(payload) ? payload.toString("utf8") : payload;
+  try {
+    return JSON.parse(text);
+  } catch {
+    throw new InvalidWebhookError(InvalidWebhookErrorMessages.invalidJson);
+  }
+}
+function verifyAndParse(payload, signature, secret) {
+  if (!verifySignature(payload, signature, secret)) {
+    throw new InvalidWebhookError(InvalidWebhookErrorMessages.signatureMismatch);
+  }
+  return parseEvent(payload);
+}
+function verifyAndParseWebhook(rawBody, signature, secret) {
+  return verifyAndParse(gunzipPayload(rawBody), signature, secret);
+}
+function parseSqs(messageBody) {
+  return parseEvent(decodeSqsPayload(messageBody));
+}
+function parseSns(notificationBody) {
+  return parseEvent(decodeSnsPayload(notificationBody));
+}
 
 // src/token_manager.ts
 var TokenManager = class {
@@ -15474,7 +15563,7 @@ var StreamChat = class _StreamChat {
     if (this.userAgent) {
       return this.userAgent;
     }
-    const version = "9.43.2";
+    const version = "9.44.0";
     const clientBundle = "browser-esm";
     let userAgentString = "";
     if (this.sdkIdentifier) {
@@ -15567,7 +15656,50 @@ var StreamChat = class _StreamChat {
    * @returns {boolean}
    */
   verifyWebhook(requestBody, xSignature) {
-    return !!this.secret && CheckSignature(requestBody, this.secret, xSignature);
+    return !!this.secret && verifySignature(requestBody, xSignature, this.secret);
+  }
+  /**
+   * Verify and parse an HTTP webhook event.
+   *
+   * Decompresses `rawBody` when gzipped (detected from the body bytes),
+   * verifies the `X-Signature` header against the app's API secret, and
+   * returns the parsed `Event`. Works whether or not Stream is currently
+   * compressing payloads for this app, and stays correct behind
+   * middleware that auto-decompresses the request.
+   *
+   * @param rawBody Raw HTTP request body bytes Stream signed
+   * @param signature Value of the `X-Signature` header
+   * @throws {InvalidWebhookError} When the signature does not match or
+   *   the gzip envelope is malformed.
+   */
+  verifyAndParseWebhook(rawBody, signature) {
+    if (!this.secret) {
+      throw new InvalidWebhookError(
+        "cannot verify webhook signature without an API secret on the client"
+      );
+    }
+    return verifyAndParseWebhook(rawBody, signature, this.secret);
+  }
+  /**
+   * Parse an SQS firehose event: decodes the message `Body` (base64 +
+   * optional gzip) and returns the parsed `Event`. No HMAC verification
+   * (Stream does not sign SQS bodies).
+   *
+   * @param messageBody SQS message `Body` string
+   * @throws {InvalidWebhookError} When the base64 / gzip envelope is malformed.
+   */
+  parseSqs(messageBody) {
+    return parseSqs(messageBody);
+  }
+  /**
+   * Parse an SNS-delivered event (unwraps envelope JSON when needed, then
+   * same decode path as SQS). No HMAC verification.
+   *
+   * @param notificationBody Raw SNS POST body or pre-extracted `Message` string
+   * @throws {InvalidWebhookError} When the envelope cannot be decoded.
+   */
+  parseSns(notificationBody) {
+    return parseSns(notificationBody);
   }
   /** getPermission - gets the definition for a permission
    *
@@ -18117,6 +18249,8 @@ export {
   FilterBuilder,
   FixedSizeQueueCache,
   InsightMetrics,
+  InvalidWebhookError,
+  InvalidWebhookErrorMessages,
   JWTServerToken,
   JWTUserToken,
   LinkPreviewStatus,
@@ -18203,6 +18337,8 @@ export {
   createUploadConfigCheckMiddleware,
   createUploadErrorHandlerMiddleware,
   decodeBase64,
+  decodeSnsPayload,
+  decodeSqsPayload,
   defaultPollFieldBlurEventValidators,
   defaultPollFieldChangeEventValidators,
   encodeBase64,
@@ -18218,6 +18354,7 @@ export {
   getRawCommandName,
   getTokenizedSuggestionDisplayName,
   getTriggerCharWithToken,
+  gunzipPayload,
   insertItemWithTrigger,
   isAudioAttachment,
   isBlobButNotFile,
@@ -18248,6 +18385,9 @@ export {
   logChatPromiseExecution,
   mapPollStateToResponse,
   notifyCommandDisabled,
+  parseEvent,
+  parseSns,
+  parseSqs,
   pollCompositionStateProcessors,
   pollStateChangeValidators,
   postInsights,
@@ -18257,6 +18397,8 @@ export {
   replaceWordWithEntity,
   stripCommandFromText,
   textIsEmpty,
-  timeLeftMs
+  timeLeftMs,
+  verifyAndParseWebhook,
+  verifySignature
 };
 //# sourceMappingURL=index.mjs.map