@cord-sdk/server - npm Package Compare versions

Comparing version 1.36.3-canary.4 to 1.37.0

dist/cjs/index.js

@@ -5,4 +5,4 @@ 'use strict';
 
+var jwt = require('jsonwebtoken');
 var crypto = require('crypto');
-var jwt = require('jsonwebtoken');
 
@@ -61,2 +61,25 @@ function _interopNamespace(e) {
 }
+
+async function fetchCordRESTApi(endpoint, { method = 'GET', project_id, project_secret, api_url = 'https://api.cord.com/', body, }) {
+    const encodedBody = typeof body === 'undefined' || typeof body === 'string'
+        ? body
+        : JSON.stringify(body);
+    const serverAuthToken = getServerAuthToken(project_id, project_secret);
+    const response = await fetch(`${api_url}${endpoint}`, {
+        method,
+        body: encodedBody,
+        headers: {
+            Authorization: `Bearer ${serverAuthToken}`,
+            'Content-Type': 'application/json',
+        },
+    });
+    if (response.ok) {
+        return await response.json();
+    }
+    else {
+        const responseText = await response.text();
+        throw new Error(`Error making Cord API call: ${response.status} ${response.statusText} ${responseText}`);
+    }
+}
+
 /**
@@ -134,2 +157,3 @@ * Will validate the signature of the webhook request to ensure the source of
 
+exports.fetchCordRESTApi = fetchCordRESTApi;
 exports.getApplicationManagementAuthToken = getApplicationManagementAuthToken;
@@ -136,0 +160,0 @@ exports.getClientAuthToken = getClientAuthToken;

dist/mjs/index.js

@@ -0,3 +1,3 @@
+import * as jwt from 'jsonwebtoken';
 import { createHmac } from 'crypto';
-import * as jwt from 'jsonwebtoken';
 
@@ -36,2 +36,25 @@ function getClientAuthToken(project_id, project_secret, payload, options = {}) {
 }
+
+async function fetchCordRESTApi(endpoint, { method = 'GET', project_id, project_secret, api_url = 'https://api.cord.com/', body, }) {
+    const encodedBody = typeof body === 'undefined' || typeof body === 'string'
+        ? body
+        : JSON.stringify(body);
+    const serverAuthToken = getServerAuthToken(project_id, project_secret);
+    const response = await fetch(`${api_url}${endpoint}`, {
+        method,
+        body: encodedBody,
+        headers: {
+            Authorization: `Bearer ${serverAuthToken}`,
+            'Content-Type': 'application/json',
+        },
+    });
+    if (response.ok) {
+        return await response.json();
+    }
+    else {
+        const responseText = await response.text();
+        throw new Error(`Error making Cord API call: ${response.status} ${response.statusText} ${responseText}`);
+    }
+}
+
 /**
@@ -109,3 +132,3 @@ * Will validate the signature of the webhook request to ensure the source of
 
-export { getApplicationManagementAuthToken, getClientAuthToken, getProjectManagementAuthToken, getServerAuthToken, parseEventPayload, tryValidateWebhookSignature, validateWebhookSignature };
+export { fetchCordRESTApi, getApplicationManagementAuthToken, getClientAuthToken, getProjectManagementAuthToken, getServerAuthToken, parseEventPayload, tryValidateWebhookSignature, validateWebhookSignature };
 //# sourceMappingURL=index.js.map

dist/mjs/types/index.d.ts

@@ -1,60 +0,3 @@
-import * as jwt from 'jsonwebtoken';
-import type { ClientAuthTokenData, ThreadMessageAddedWebhookPayload, NotificationCreatedWebhookPayload, URLVerificationWebhookPayload } from '@cord-sdk/types';
-export type { ClientAuthTokenData };
-export type CommonAuthTokenOptions = {
-    /**
-     * How long until the token expires.  If not set, defaults to 1 minute.
-     */
-    expires?: jwt.SignOptions['expiresIn'];
-};
-export type GetClientAuthTokenOptions = CommonAuthTokenOptions;
-export type GetServerAuthTokenOptions = CommonAuthTokenOptions;
-export type GetApplicationManagementAuthTokenOptions = CommonAuthTokenOptions;
-export type WebhookPayload = ThreadMessageAddedWebhookPayload | NotificationCreatedWebhookPayload | URLVerificationWebhookPayload;
-export type WebhookRequest = {
-    header(name: string): string;
-    body: {
-        type: string;
-    };
-};
-export declare function getClientAuthToken(project_id: string, project_secret: string, payload: Omit<ClientAuthTokenData, 'app_id' | 'project_id'>, options?: GetClientAuthTokenOptions): string;
-export declare function getServerAuthToken(project_id: string, project_secret: string, options?: GetServerAuthTokenOptions): string;
-export declare function getApplicationManagementAuthToken(customer_id: string, customer_secret: string, options?: GetApplicationManagementAuthTokenOptions): string;
-export declare function getProjectManagementAuthToken(customer_id: string, customer_secret: string): string;
-/**
- * Will validate the signature of the webhook request to ensure the source of
- * the request is Cord, and can be trusted.  Will throw an exception if there
- * are any problems with the request validation.
- * @param requestPayload The raw request payload. The object must have a header
- * function that will fetch header properties for the request, and a body
- * property that is the raw payload from the webhook request. See the node express
- * request format for a compatible implementation. Note the body must be
- * the data from the raw request request payload, without performing JSON deserialization.
- * @param projectSecret The project secret.  This is used to validate the
- * request body using the cord signature proof.  Details can be found here:
- * https://docs.cord.com/reference/events-webhook
- */
-export declare function validateWebhookSignature(requestPayload: WebhookRequest, projectSecret: string): void;
-/**
- * Will validate the signature of the webhook request to ensure the source of
- * the request is Cord, and can be trusted.  Will return false if there
- * are any problems with the request validation.
- * @param requestPayload The raw request payload. The object must have a header
- * function that will fetch header properties for the request, and a body
- * property that is the raw payload from the webhook request. See the node express
- * request format for a compatible implementation. Note the body must be
- * the data from the raw request request payload, without performing JSON deserialization.
- * @param projectSecret The project secret.  This is used to validate the
- * request body using the cord signature proof.  Details can be found here:
- * https://docs.cord.com/reference/events-webhook
- */
-export declare function tryValidateWebhookSignature(requestPayload: WebhookRequest, clientSecret: string): boolean;
-/**
- * Takes a request payload, and returns a typed object for handling
- * Cord webhook notifications.
- * @param requestPayload Request payload from a webhook request. Should have
- * a similar structure to express style request object.
- * @returns A typed  object to support handling webhook events. See:
- * https://docs.cord.com/reference/events-webhook
- */
-export declare function parseEventPayload(requestPayload: WebhookRequest): WebhookPayload;
+export * from './authToken.js';
+export * from './fetch.js';
+export * from './webhook.js';

package.json

 {
   "name": "@cord-sdk/server",
   "description": "Server-side portion of the Cord SDK",
-  "version": "1.36.3-canary.4",
+  "version": "1.37.0",
   "homepage": "https://docs.cord.com/",
@@ -25,3 +25,3 @@ "license": "MIT",
   "devDependencies": {
-    "@cord-sdk/types": "1.36.3-canary.4",
+    "@cord-sdk/types": "1.37.0",
     "@types/jsonwebtoken": "^8.5.9",
@@ -28,0 +28,0 @@ "typescript": "~5.1.6"

New alerts

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Fixed alerts

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

26234

increased by17.73%

Number of package files

13

increased by30%

Lines of code

355

increased by18.33%

Number of low quality alerts

1

decreased by-50%

Worsened metrics

Number of medium supply chain risk alerts

2

increased byInfinity%

No dependency changes