Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

@cord-sdk/server

Package Overview
Dependencies
Maintainers
12
Versions
170
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@cord-sdk/server - npm Package Compare versions

Comparing version 1.36.3-canary.4 to 1.37.0

dist/mjs/types/authToken.d.ts
dist/mjs/types/fetch.d.ts
dist/mjs/types/webhook.d.ts

26

dist/cjs/index.js

@@ -5,4 +5,4 @@ 'use strict';

var jwt = require('jsonwebtoken');
var crypto = require('crypto');
var jwt = require('jsonwebtoken');

@@ -61,2 +61,25 @@ function _interopNamespace(e) {

}
async function fetchCordRESTApi(endpoint, { method = 'GET', project_id, project_secret, api_url = 'https://api.cord.com/', body, }) {
const encodedBody = typeof body === 'undefined' || typeof body === 'string'
? body
: JSON.stringify(body);
const serverAuthToken = getServerAuthToken(project_id, project_secret);
const response = await fetch(`${api_url}${endpoint}`, {
method,
body: encodedBody,
headers: {
Authorization: `Bearer ${serverAuthToken}`,
'Content-Type': 'application/json',
},
});
if (response.ok) {
return await response.json();
}
else {
const responseText = await response.text();
throw new Error(`Error making Cord API call: ${response.status} ${response.statusText} ${responseText}`);
}
}
/**

@@ -134,2 +157,3 @@ * Will validate the signature of the webhook request to ensure the source of

exports.fetchCordRESTApi = fetchCordRESTApi;
exports.getApplicationManagementAuthToken = getApplicationManagementAuthToken;

@@ -136,0 +160,0 @@ exports.getClientAuthToken = getClientAuthToken;

27

dist/mjs/index.js

@@ -0,3 +1,3 @@

import * as jwt from 'jsonwebtoken';
import { createHmac } from 'crypto';
import * as jwt from 'jsonwebtoken';

@@ -36,2 +36,25 @@ function getClientAuthToken(project_id, project_secret, payload, options = {}) {

}
async function fetchCordRESTApi(endpoint, { method = 'GET', project_id, project_secret, api_url = 'https://api.cord.com/', body, }) {
const encodedBody = typeof body === 'undefined' || typeof body === 'string'
? body
: JSON.stringify(body);
const serverAuthToken = getServerAuthToken(project_id, project_secret);
const response = await fetch(`${api_url}${endpoint}`, {
method,
body: encodedBody,
headers: {
Authorization: `Bearer ${serverAuthToken}`,
'Content-Type': 'application/json',
},
});
if (response.ok) {
return await response.json();
}
else {
const responseText = await response.text();
throw new Error(`Error making Cord API call: ${response.status} ${response.statusText} ${responseText}`);
}
}
/**

@@ -109,3 +132,3 @@ * Will validate the signature of the webhook request to ensure the source of

export { getApplicationManagementAuthToken, getClientAuthToken, getProjectManagementAuthToken, getServerAuthToken, parseEventPayload, tryValidateWebhookSignature, validateWebhookSignature };
export { fetchCordRESTApi, getApplicationManagementAuthToken, getClientAuthToken, getProjectManagementAuthToken, getServerAuthToken, parseEventPayload, tryValidateWebhookSignature, validateWebhookSignature };
//# sourceMappingURL=index.js.map

63

dist/mjs/types/index.d.ts

@@ -1,60 +0,3 @@

import * as jwt from 'jsonwebtoken';
import type { ClientAuthTokenData, ThreadMessageAddedWebhookPayload, NotificationCreatedWebhookPayload, URLVerificationWebhookPayload } from '@cord-sdk/types';
export type { ClientAuthTokenData };
export type CommonAuthTokenOptions = {
/**
* How long until the token expires. If not set, defaults to 1 minute.
*/
expires?: jwt.SignOptions['expiresIn'];
};
export type GetClientAuthTokenOptions = CommonAuthTokenOptions;
export type GetServerAuthTokenOptions = CommonAuthTokenOptions;
export type GetApplicationManagementAuthTokenOptions = CommonAuthTokenOptions;
export type WebhookPayload = ThreadMessageAddedWebhookPayload | NotificationCreatedWebhookPayload | URLVerificationWebhookPayload;
export type WebhookRequest = {
header(name: string): string;
body: {
type: string;
};
};
export declare function getClientAuthToken(project_id: string, project_secret: string, payload: Omit<ClientAuthTokenData, 'app_id' | 'project_id'>, options?: GetClientAuthTokenOptions): string;
export declare function getServerAuthToken(project_id: string, project_secret: string, options?: GetServerAuthTokenOptions): string;
export declare function getApplicationManagementAuthToken(customer_id: string, customer_secret: string, options?: GetApplicationManagementAuthTokenOptions): string;
export declare function getProjectManagementAuthToken(customer_id: string, customer_secret: string): string;
/**
* Will validate the signature of the webhook request to ensure the source of
* the request is Cord, and can be trusted. Will throw an exception if there
* are any problems with the request validation.
* @param requestPayload The raw request payload. The object must have a header
* function that will fetch header properties for the request, and a body
* property that is the raw payload from the webhook request. See the node express
* request format for a compatible implementation. Note the body must be
* the data from the raw request request payload, without performing JSON deserialization.
* @param projectSecret The project secret. This is used to validate the
* request body using the cord signature proof. Details can be found here:
* https://docs.cord.com/reference/events-webhook
*/
export declare function validateWebhookSignature(requestPayload: WebhookRequest, projectSecret: string): void;
/**
* Will validate the signature of the webhook request to ensure the source of
* the request is Cord, and can be trusted. Will return false if there
* are any problems with the request validation.
* @param requestPayload The raw request payload. The object must have a header
* function that will fetch header properties for the request, and a body
* property that is the raw payload from the webhook request. See the node express
* request format for a compatible implementation. Note the body must be
* the data from the raw request request payload, without performing JSON deserialization.
* @param projectSecret The project secret. This is used to validate the
* request body using the cord signature proof. Details can be found here:
* https://docs.cord.com/reference/events-webhook
*/
export declare function tryValidateWebhookSignature(requestPayload: WebhookRequest, clientSecret: string): boolean;
/**
* Takes a request payload, and returns a typed object for handling
* Cord webhook notifications.
* @param requestPayload Request payload from a webhook request. Should have
* a similar structure to express style request object.
* @returns A typed object to support handling webhook events. See:
* https://docs.cord.com/reference/events-webhook
*/
export declare function parseEventPayload(requestPayload: WebhookRequest): WebhookPayload;
export * from './authToken.js';
export * from './fetch.js';
export * from './webhook.js';

4

package.json
{
"name": "@cord-sdk/server",
"description": "Server-side portion of the Cord SDK",
"version": "1.36.3-canary.4",
"version": "1.37.0",
"homepage": "https://docs.cord.com/",

@@ -25,3 +25,3 @@ "license": "MIT",

"devDependencies": {
"@cord-sdk/types": "1.36.3-canary.4",
"@cord-sdk/types": "1.37.0",
"@types/jsonwebtoken": "^8.5.9",

@@ -28,0 +28,0 @@ "typescript": "~5.1.6"

dist/cjs/index.js.map

Sorry, the diff of this file is not supported yet

dist/mjs/index.js.map

Sorry, the diff of this file is not supported yet

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc