vessels-sdk 0.3.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/index.cjs +19 -10
  2. package/dist/index.d.cts +1 -1
  3. package/dist/index.d.ts +1 -1
  4. package/dist/index.js +19 -10
  5. package/package.json +1 -1
package/dist/index.cjs CHANGED
@@ -1,7 +1,5 @@
1
1
  'use strict';
2
2
 
3
- var crypto = require('crypto');
4
-
5
3
  // src/index.ts
6
4
  var AgentActivityTypes = {
7
5
  thinking: "thinking",
@@ -189,16 +187,27 @@ var Vessels = class {
189
187
  // body: raw request body string (before JSON.parse)
190
188
  // signature: X-Vessels-Signature header value
191
189
  // webhookSecret: the secret shown when you created the webhook endpoint in Settings
192
- verifyWebhook(body, signature, webhookSecret) {
190
+ async verifyWebhook(body, signature, webhookSecret) {
193
191
  if (!signature.startsWith("sha256=")) return false;
194
- const expected = crypto.createHmac("sha256", webhookSecret).update(body).digest("hex");
195
- const received = signature.slice(7);
196
- if (expected.length !== received.length) return false;
197
- let diff = 0;
198
- for (let i = 0; i < expected.length; i++) {
199
- diff |= expected.charCodeAt(i) ^ received.charCodeAt(i);
192
+ try {
193
+ const enc = new TextEncoder();
194
+ const hexSig = signature.slice(7);
195
+ if (hexSig.length % 2 !== 0) return false;
196
+ const sigBytes = new Uint8Array(hexSig.length / 2);
197
+ for (let i = 0; i < sigBytes.length; i++) {
198
+ sigBytes[i] = parseInt(hexSig.slice(i * 2, i * 2 + 2), 16);
199
+ }
200
+ const key = await globalThis.crypto.subtle.importKey(
201
+ "raw",
202
+ enc.encode(webhookSecret),
203
+ { name: "HMAC", hash: "SHA-256" },
204
+ false,
205
+ ["verify"]
206
+ );
207
+ return await globalThis.crypto.subtle.verify("HMAC", key, sigBytes, enc.encode(body));
208
+ } catch {
209
+ return false;
200
210
  }
201
- return diff === 0;
202
211
  }
203
212
  };
204
213
 
package/dist/index.d.cts CHANGED
@@ -137,7 +137,7 @@ declare class Vessels {
137
137
  metadata?: Record<string, unknown>;
138
138
  }): _vessels_types.ConfirmPreviewInteraction;
139
139
  poll(options?: PollOptions): Promise<PollResponse>;
140
- verifyWebhook(body: string, signature: string, webhookSecret: string): boolean;
140
+ verifyWebhook(body: string, signature: string, webhookSecret: string): Promise<boolean>;
141
141
  }
142
142
 
143
143
  export { AgentActivityTypes, type InteractionResponseEvent, type PollEvent, type PollOptions, type PollResponse, type PushManyResult, type PushResponse, type UserMessageEvent, type VesselContext, Vessels, VesselsAuthError, type VesselsConfig, VesselsRateLimitError, VesselsValidationError };
package/dist/index.d.ts CHANGED
@@ -137,7 +137,7 @@ declare class Vessels {
137
137
  metadata?: Record<string, unknown>;
138
138
  }): _vessels_types.ConfirmPreviewInteraction;
139
139
  poll(options?: PollOptions): Promise<PollResponse>;
140
- verifyWebhook(body: string, signature: string, webhookSecret: string): boolean;
140
+ verifyWebhook(body: string, signature: string, webhookSecret: string): Promise<boolean>;
141
141
  }
142
142
 
143
143
  export { AgentActivityTypes, type InteractionResponseEvent, type PollEvent, type PollOptions, type PollResponse, type PushManyResult, type PushResponse, type UserMessageEvent, type VesselContext, Vessels, VesselsAuthError, type VesselsConfig, VesselsRateLimitError, VesselsValidationError };
package/dist/index.js CHANGED
@@ -1,5 +1,3 @@
1
- import { createHmac } from 'crypto';
2
-
3
1
  // src/index.ts
4
2
  var AgentActivityTypes = {
5
3
  thinking: "thinking",
@@ -187,16 +185,27 @@ var Vessels = class {
187
185
  // body: raw request body string (before JSON.parse)
188
186
  // signature: X-Vessels-Signature header value
189
187
  // webhookSecret: the secret shown when you created the webhook endpoint in Settings
190
- verifyWebhook(body, signature, webhookSecret) {
188
+ async verifyWebhook(body, signature, webhookSecret) {
191
189
  if (!signature.startsWith("sha256=")) return false;
192
- const expected = createHmac("sha256", webhookSecret).update(body).digest("hex");
193
- const received = signature.slice(7);
194
- if (expected.length !== received.length) return false;
195
- let diff = 0;
196
- for (let i = 0; i < expected.length; i++) {
197
- diff |= expected.charCodeAt(i) ^ received.charCodeAt(i);
190
+ try {
191
+ const enc = new TextEncoder();
192
+ const hexSig = signature.slice(7);
193
+ if (hexSig.length % 2 !== 0) return false;
194
+ const sigBytes = new Uint8Array(hexSig.length / 2);
195
+ for (let i = 0; i < sigBytes.length; i++) {
196
+ sigBytes[i] = parseInt(hexSig.slice(i * 2, i * 2 + 2), 16);
197
+ }
198
+ const key = await globalThis.crypto.subtle.importKey(
199
+ "raw",
200
+ enc.encode(webhookSecret),
201
+ { name: "HMAC", hash: "SHA-256" },
202
+ false,
203
+ ["verify"]
204
+ );
205
+ return await globalThis.crypto.subtle.verify("HMAC", key, sigBytes, enc.encode(body));
206
+ } catch {
207
+ return false;
198
208
  }
199
- return diff === 0;
200
209
  }
201
210
  };
202
211
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "vessels-sdk",
3
- "version": "0.3.0",
3
+ "version": "0.4.0",
4
4
  "description": "Let your agent reach you. Official Vessels SDK.",
5
5
  "type": "module",
6
6
  "exports": {