@octokit/webhooks-methods
Advanced tools
Comparing version 3.0.2 to 3.0.3
@@ -1,63 +0,111 @@ | ||
'use strict'; | ||
"use strict"; | ||
var __defProp = Object.defineProperty; | ||
var __getOwnPropDesc = Object.getOwnPropertyDescriptor; | ||
var __getOwnPropNames = Object.getOwnPropertyNames; | ||
var __hasOwnProp = Object.prototype.hasOwnProperty; | ||
var __export = (target, all) => { | ||
for (var name in all) | ||
__defProp(target, name, { get: all[name], enumerable: true }); | ||
}; | ||
var __copyProps = (to, from, except, desc) => { | ||
if (from && typeof from === "object" || typeof from === "function") { | ||
for (let key of __getOwnPropNames(from)) | ||
if (!__hasOwnProp.call(to, key) && key !== except) | ||
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); | ||
} | ||
return to; | ||
}; | ||
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); | ||
Object.defineProperty(exports, '__esModule', { value: true }); | ||
// pkg/dist-src/index.js | ||
var dist_src_exports = {}; | ||
__export(dist_src_exports, { | ||
sign: () => sign, | ||
verify: () => verify, | ||
verifyWithFallback: () => verifyWithFallback | ||
}); | ||
module.exports = __toCommonJS(dist_src_exports); | ||
var crypto = require('crypto'); | ||
var buffer = require('buffer'); | ||
// pkg/dist-src/node/sign.js | ||
var import_crypto = require("crypto"); | ||
var Algorithm; | ||
(function (Algorithm) { | ||
Algorithm["SHA1"] = "sha1"; | ||
Algorithm["SHA256"] = "sha256"; | ||
})(Algorithm || (Algorithm = {})); | ||
// pkg/dist-src/types.js | ||
var Algorithm = /* @__PURE__ */ ((Algorithm2) => { | ||
Algorithm2["SHA1"] = "sha1"; | ||
Algorithm2["SHA256"] = "sha256"; | ||
return Algorithm2; | ||
})(Algorithm || {}); | ||
const VERSION = "3.0.2"; | ||
// pkg/dist-src/version.js | ||
var VERSION = "3.0.3"; | ||
// pkg/dist-src/node/sign.js | ||
async function sign(options, payload) { | ||
const { | ||
secret, | ||
algorithm | ||
} = typeof options === "object" ? { | ||
const { secret, algorithm } = typeof options === "object" ? { | ||
secret: options.secret, | ||
algorithm: options.algorithm || Algorithm.SHA256 | ||
} : { | ||
secret: options, | ||
algorithm: Algorithm.SHA256 | ||
}; | ||
} : { secret: options, algorithm: Algorithm.SHA256 }; | ||
if (!secret || !payload) { | ||
throw new TypeError("[@octokit/webhooks-methods] secret & payload required for sign()"); | ||
throw new TypeError( | ||
"[@octokit/webhooks-methods] secret & payload required for sign()" | ||
); | ||
} | ||
if (!Object.values(Algorithm).includes(algorithm)) { | ||
throw new TypeError(`[@octokit/webhooks] Algorithm ${algorithm} is not supported. Must be 'sha1' or 'sha256'`); | ||
throw new TypeError( | ||
`[@octokit/webhooks] Algorithm ${algorithm} is not supported. Must be 'sha1' or 'sha256'` | ||
); | ||
} | ||
return `${algorithm}=${crypto.createHmac(algorithm, secret).update(payload).digest("hex")}`; | ||
return `${algorithm}=${(0, import_crypto.createHmac)(algorithm, secret).update(payload).digest("hex")}`; | ||
} | ||
sign.VERSION = VERSION; | ||
const getAlgorithm = signature => { | ||
// pkg/dist-src/node/verify.js | ||
var import_crypto2 = require("crypto"); | ||
var import_buffer = require("buffer"); | ||
// pkg/dist-src/utils.js | ||
var getAlgorithm = (signature) => { | ||
return signature.startsWith("sha256=") ? "sha256" : "sha1"; | ||
}; | ||
// pkg/dist-src/node/verify.js | ||
async function verify(secret, eventPayload, signature) { | ||
if (!secret || !eventPayload || !signature) { | ||
throw new TypeError("[@octokit/webhooks-methods] secret, eventPayload & signature required"); | ||
throw new TypeError( | ||
"[@octokit/webhooks-methods] secret, eventPayload & signature required" | ||
); | ||
} | ||
const signatureBuffer = buffer.Buffer.from(signature); | ||
const signatureBuffer = import_buffer.Buffer.from(signature); | ||
const algorithm = getAlgorithm(signature); | ||
const verificationBuffer = buffer.Buffer.from(await sign({ | ||
secret, | ||
algorithm | ||
}, eventPayload)); | ||
const verificationBuffer = import_buffer.Buffer.from( | ||
await sign({ secret, algorithm }, eventPayload) | ||
); | ||
if (signatureBuffer.length !== verificationBuffer.length) { | ||
return false; | ||
} | ||
// constant time comparison to prevent timing attachs | ||
// https://stackoverflow.com/a/31096242/206879 | ||
// https://en.wikipedia.org/wiki/Timing_attack | ||
return crypto.timingSafeEqual(signatureBuffer, verificationBuffer); | ||
return (0, import_crypto2.timingSafeEqual)(signatureBuffer, verificationBuffer); | ||
} | ||
verify.VERSION = VERSION; | ||
exports.sign = sign; | ||
exports.verify = verify; | ||
//# sourceMappingURL=index.js.map | ||
// pkg/dist-src/index.js | ||
async function verifyWithFallback(secret, payload, signature, additionalSecrets) { | ||
const firstPass = await verify(secret, payload, signature); | ||
if (firstPass) { | ||
return true; | ||
} | ||
if (additionalSecrets !== void 0) { | ||
for (const s of additionalSecrets) { | ||
const v = await verify(s, payload, signature); | ||
if (v) { | ||
return v; | ||
} | ||
} | ||
} | ||
return false; | ||
} | ||
// Annotate the CommonJS export names for ESM import in node: | ||
0 && (module.exports = { | ||
sign, | ||
verify, | ||
verifyWithFallback | ||
}); |
@@ -1,2 +0,22 @@ | ||
export { sign } from "./node/sign"; | ||
export { verify } from "./node/verify"; | ||
import { sign } from "./node/sign"; | ||
import { verify } from "./node/verify"; | ||
async function verifyWithFallback(secret, payload, signature, additionalSecrets) { | ||
const firstPass = await verify(secret, payload, signature); | ||
if (firstPass) { | ||
return true; | ||
} | ||
if (additionalSecrets !== void 0) { | ||
for (const s of additionalSecrets) { | ||
const v = await verify(s, payload, signature); | ||
if (v) { | ||
return v; | ||
} | ||
} | ||
} | ||
return false; | ||
} | ||
export { | ||
sign, | ||
verify, | ||
verifyWithFallback | ||
}; |
import { createHmac } from "crypto"; | ||
import { Algorithm } from "../types"; | ||
import { VERSION } from "../version"; | ||
export async function sign(options, payload) { | ||
const { secret, algorithm } = typeof options === "object" | ||
? { | ||
secret: options.secret, | ||
algorithm: options.algorithm || Algorithm.SHA256, | ||
} | ||
: { secret: options, algorithm: Algorithm.SHA256 }; | ||
if (!secret || !payload) { | ||
throw new TypeError("[@octokit/webhooks-methods] secret & payload required for sign()"); | ||
} | ||
if (!Object.values(Algorithm).includes(algorithm)) { | ||
throw new TypeError(`[@octokit/webhooks] Algorithm ${algorithm} is not supported. Must be 'sha1' or 'sha256'`); | ||
} | ||
return `${algorithm}=${createHmac(algorithm, secret) | ||
.update(payload) | ||
.digest("hex")}`; | ||
async function sign(options, payload) { | ||
const { secret, algorithm } = typeof options === "object" ? { | ||
secret: options.secret, | ||
algorithm: options.algorithm || Algorithm.SHA256 | ||
} : { secret: options, algorithm: Algorithm.SHA256 }; | ||
if (!secret || !payload) { | ||
throw new TypeError( | ||
"[@octokit/webhooks-methods] secret & payload required for sign()" | ||
); | ||
} | ||
if (!Object.values(Algorithm).includes(algorithm)) { | ||
throw new TypeError( | ||
`[@octokit/webhooks] Algorithm ${algorithm} is not supported. Must be 'sha1' or 'sha256'` | ||
); | ||
} | ||
return `${algorithm}=${createHmac(algorithm, secret).update(payload).digest("hex")}`; | ||
} | ||
sign.VERSION = VERSION; | ||
export { | ||
sign | ||
}; |
@@ -6,17 +6,21 @@ import { timingSafeEqual } from "crypto"; | ||
import { getAlgorithm } from "../utils"; | ||
export async function verify(secret, eventPayload, signature) { | ||
if (!secret || !eventPayload || !signature) { | ||
throw new TypeError("[@octokit/webhooks-methods] secret, eventPayload & signature required"); | ||
} | ||
const signatureBuffer = Buffer.from(signature); | ||
const algorithm = getAlgorithm(signature); | ||
const verificationBuffer = Buffer.from(await sign({ secret, algorithm }, eventPayload)); | ||
if (signatureBuffer.length !== verificationBuffer.length) { | ||
return false; | ||
} | ||
// constant time comparison to prevent timing attachs | ||
// https://stackoverflow.com/a/31096242/206879 | ||
// https://en.wikipedia.org/wiki/Timing_attack | ||
return timingSafeEqual(signatureBuffer, verificationBuffer); | ||
async function verify(secret, eventPayload, signature) { | ||
if (!secret || !eventPayload || !signature) { | ||
throw new TypeError( | ||
"[@octokit/webhooks-methods] secret, eventPayload & signature required" | ||
); | ||
} | ||
const signatureBuffer = Buffer.from(signature); | ||
const algorithm = getAlgorithm(signature); | ||
const verificationBuffer = Buffer.from( | ||
await sign({ secret, algorithm }, eventPayload) | ||
); | ||
if (signatureBuffer.length !== verificationBuffer.length) { | ||
return false; | ||
} | ||
return timingSafeEqual(signatureBuffer, verificationBuffer); | ||
} | ||
verify.VERSION = VERSION; | ||
export { | ||
verify | ||
}; |
@@ -1,5 +0,8 @@ | ||
export var Algorithm; | ||
(function (Algorithm) { | ||
Algorithm["SHA1"] = "sha1"; | ||
Algorithm["SHA256"] = "sha256"; | ||
})(Algorithm || (Algorithm = {})); | ||
var Algorithm = /* @__PURE__ */ ((Algorithm2) => { | ||
Algorithm2["SHA1"] = "sha1"; | ||
Algorithm2["SHA256"] = "sha256"; | ||
return Algorithm2; | ||
})(Algorithm || {}); | ||
export { | ||
Algorithm | ||
}; |
@@ -1,3 +0,6 @@ | ||
export const getAlgorithm = (signature) => { | ||
return signature.startsWith("sha256=") ? "sha256" : "sha1"; | ||
const getAlgorithm = (signature) => { | ||
return signature.startsWith("sha256=") ? "sha256" : "sha1"; | ||
}; | ||
export { | ||
getAlgorithm | ||
}; |
@@ -1,1 +0,4 @@ | ||
export const VERSION = "3.0.2"; | ||
const VERSION = "3.0.3"; | ||
export { | ||
VERSION | ||
}; |
@@ -5,54 +5,72 @@ import { Algorithm } from "./types"; | ||
function hexToUInt8Array(string) { | ||
// convert string to pairs of 2 characters | ||
const pairs = string.match(/[\dA-F]{2}/gi); | ||
// convert the octets to integers | ||
const integers = pairs.map(function (s) { | ||
return parseInt(s, 16); | ||
}); | ||
return new Uint8Array(integers); | ||
const pairs = string.match(/[\dA-F]{2}/gi); | ||
const integers = pairs.map(function(s) { | ||
return parseInt(s, 16); | ||
}); | ||
return new Uint8Array(integers); | ||
} | ||
function UInt8ArrayToHex(signature) { | ||
return Array.prototype.map | ||
.call(new Uint8Array(signature), (x) => x.toString(16).padStart(2, "0")) | ||
.join(""); | ||
return Array.prototype.map.call(new Uint8Array(signature), (x) => x.toString(16).padStart(2, "0")).join(""); | ||
} | ||
function getHMACHashName(algorithm) { | ||
return { | ||
[Algorithm.SHA1]: "SHA-1", | ||
[Algorithm.SHA256]: "SHA-256", | ||
}[algorithm]; | ||
return { | ||
[Algorithm.SHA1]: "SHA-1", | ||
[Algorithm.SHA256]: "SHA-256" | ||
}[algorithm]; | ||
} | ||
async function importKey(secret, algorithm) { | ||
// ref: https://developer.mozilla.org/en-US/docs/Web/API/HmacImportParams | ||
return crypto.subtle.importKey("raw", // raw format of the key - should be Uint8Array | ||
enc.encode(secret), { | ||
// algorithm details | ||
name: "HMAC", | ||
hash: { name: getHMACHashName(algorithm) }, | ||
}, false, // export = false | ||
["sign", "verify"] // what this key can do | ||
return crypto.subtle.importKey( | ||
"raw", | ||
// raw format of the key - should be Uint8Array | ||
enc.encode(secret), | ||
{ | ||
// algorithm details | ||
name: "HMAC", | ||
hash: { name: getHMACHashName(algorithm) } | ||
}, | ||
false, | ||
// export = false | ||
["sign", "verify"] | ||
// what this key can do | ||
); | ||
} | ||
async function sign(options, payload) { | ||
const { secret, algorithm } = typeof options === "object" ? { | ||
secret: options.secret, | ||
algorithm: options.algorithm || Algorithm.SHA256 | ||
} : { secret: options, algorithm: Algorithm.SHA256 }; | ||
if (!secret || !payload) { | ||
throw new TypeError( | ||
"[@octokit/webhooks-methods] secret & payload required for sign()" | ||
); | ||
} | ||
if (!Object.values(Algorithm).includes(algorithm)) { | ||
throw new TypeError( | ||
`[@octokit/webhooks] Algorithm ${algorithm} is not supported. Must be 'sha1' or 'sha256'` | ||
); | ||
} | ||
const signature = await crypto.subtle.sign( | ||
"HMAC", | ||
await importKey(secret, algorithm), | ||
enc.encode(payload) | ||
); | ||
return `${algorithm}=${UInt8ArrayToHex(signature)}`; | ||
} | ||
export async function sign(options, payload) { | ||
const { secret, algorithm } = typeof options === "object" | ||
? { | ||
secret: options.secret, | ||
algorithm: options.algorithm || Algorithm.SHA256, | ||
} | ||
: { secret: options, algorithm: Algorithm.SHA256 }; | ||
if (!secret || !payload) { | ||
throw new TypeError("[@octokit/webhooks-methods] secret & payload required for sign()"); | ||
} | ||
if (!Object.values(Algorithm).includes(algorithm)) { | ||
throw new TypeError(`[@octokit/webhooks] Algorithm ${algorithm} is not supported. Must be 'sha1' or 'sha256'`); | ||
} | ||
const signature = await crypto.subtle.sign("HMAC", await importKey(secret, algorithm), enc.encode(payload)); | ||
return `${algorithm}=${UInt8ArrayToHex(signature)}`; | ||
async function verify(secret, eventPayload, signature) { | ||
if (!secret || !eventPayload || !signature) { | ||
throw new TypeError( | ||
"[@octokit/webhooks-methods] secret, eventPayload & signature required" | ||
); | ||
} | ||
const algorithm = getAlgorithm(signature); | ||
return await crypto.subtle.verify( | ||
"HMAC", | ||
await importKey(secret, algorithm), | ||
hexToUInt8Array(signature.replace(`${algorithm}=`, "")), | ||
enc.encode(eventPayload) | ||
); | ||
} | ||
export async function verify(secret, eventPayload, signature) { | ||
if (!secret || !eventPayload || !signature) { | ||
throw new TypeError("[@octokit/webhooks-methods] secret, eventPayload & signature required"); | ||
} | ||
const algorithm = getAlgorithm(signature); | ||
return await crypto.subtle.verify("HMAC", await importKey(secret, algorithm), hexToUInt8Array(signature.replace(`${algorithm}=`, "")), enc.encode(eventPayload)); | ||
} | ||
export { | ||
sign, | ||
verify | ||
}; |
export { sign } from "./node/sign"; | ||
export { verify } from "./node/verify"; | ||
import { verify } from "./node/verify"; | ||
export { verify }; | ||
export declare function verifyWithFallback(secret: string, payload: string, signature: string, additionalSecrets: undefined | string[]): Promise<any>; |
@@ -1,2 +0,2 @@ | ||
import { SignOptions } from "../types"; | ||
import { type SignOptions } from "../types"; | ||
export declare function sign(options: SignOptions | string, payload: string): Promise<string>; | ||
@@ -3,0 +3,0 @@ export declare namespace sign { |
@@ -1,1 +0,1 @@ | ||
export declare const VERSION = "3.0.2"; | ||
export declare const VERSION = "3.0.3"; |
@@ -1,3 +0,3 @@ | ||
import { SignOptions } from "./types"; | ||
import { type SignOptions } from "./types"; | ||
export declare function sign(options: SignOptions | string, payload: string): Promise<string>; | ||
export declare function verify(secret: string, eventPayload: string, signature: string): Promise<boolean>; |
@@ -1,68 +0,86 @@ | ||
var Algorithm; | ||
(function (Algorithm) { | ||
Algorithm["SHA1"] = "sha1"; | ||
Algorithm["SHA256"] = "sha256"; | ||
})(Algorithm || (Algorithm = {})); | ||
// pkg/dist-src/types.js | ||
var Algorithm = /* @__PURE__ */ ((Algorithm2) => { | ||
Algorithm2["SHA1"] = "sha1"; | ||
Algorithm2["SHA256"] = "sha256"; | ||
return Algorithm2; | ||
})(Algorithm || {}); | ||
const getAlgorithm = (signature) => { | ||
return signature.startsWith("sha256=") ? "sha256" : "sha1"; | ||
// pkg/dist-src/utils.js | ||
var getAlgorithm = (signature) => { | ||
return signature.startsWith("sha256=") ? "sha256" : "sha1"; | ||
}; | ||
const enc = new TextEncoder(); | ||
// pkg/dist-src/web.js | ||
var enc = new TextEncoder(); | ||
function hexToUInt8Array(string) { | ||
// convert string to pairs of 2 characters | ||
const pairs = string.match(/[\dA-F]{2}/gi); | ||
// convert the octets to integers | ||
const integers = pairs.map(function (s) { | ||
return parseInt(s, 16); | ||
}); | ||
return new Uint8Array(integers); | ||
const pairs = string.match(/[\dA-F]{2}/gi); | ||
const integers = pairs.map(function(s) { | ||
return parseInt(s, 16); | ||
}); | ||
return new Uint8Array(integers); | ||
} | ||
function UInt8ArrayToHex(signature) { | ||
return Array.prototype.map | ||
.call(new Uint8Array(signature), (x) => x.toString(16).padStart(2, "0")) | ||
.join(""); | ||
return Array.prototype.map.call(new Uint8Array(signature), (x) => x.toString(16).padStart(2, "0")).join(""); | ||
} | ||
function getHMACHashName(algorithm) { | ||
return { | ||
[Algorithm.SHA1]: "SHA-1", | ||
[Algorithm.SHA256]: "SHA-256", | ||
}[algorithm]; | ||
return { | ||
[Algorithm.SHA1]: "SHA-1", | ||
[Algorithm.SHA256]: "SHA-256" | ||
}[algorithm]; | ||
} | ||
async function importKey(secret, algorithm) { | ||
// ref: https://developer.mozilla.org/en-US/docs/Web/API/HmacImportParams | ||
return crypto.subtle.importKey("raw", // raw format of the key - should be Uint8Array | ||
enc.encode(secret), { | ||
// algorithm details | ||
name: "HMAC", | ||
hash: { name: getHMACHashName(algorithm) }, | ||
}, false, // export = false | ||
["sign", "verify"] // what this key can do | ||
); | ||
return crypto.subtle.importKey( | ||
"raw", | ||
// raw format of the key - should be Uint8Array | ||
enc.encode(secret), | ||
{ | ||
// algorithm details | ||
name: "HMAC", | ||
hash: { name: getHMACHashName(algorithm) } | ||
}, | ||
false, | ||
// export = false | ||
["sign", "verify"] | ||
// what this key can do | ||
); | ||
} | ||
async function sign(options, payload) { | ||
const { secret, algorithm } = typeof options === "object" | ||
? { | ||
secret: options.secret, | ||
algorithm: options.algorithm || Algorithm.SHA256, | ||
} | ||
: { secret: options, algorithm: Algorithm.SHA256 }; | ||
if (!secret || !payload) { | ||
throw new TypeError("[@octokit/webhooks-methods] secret & payload required for sign()"); | ||
} | ||
if (!Object.values(Algorithm).includes(algorithm)) { | ||
throw new TypeError(`[@octokit/webhooks] Algorithm ${algorithm} is not supported. Must be 'sha1' or 'sha256'`); | ||
} | ||
const signature = await crypto.subtle.sign("HMAC", await importKey(secret, algorithm), enc.encode(payload)); | ||
return `${algorithm}=${UInt8ArrayToHex(signature)}`; | ||
const { secret, algorithm } = typeof options === "object" ? { | ||
secret: options.secret, | ||
algorithm: options.algorithm || Algorithm.SHA256 | ||
} : { secret: options, algorithm: Algorithm.SHA256 }; | ||
if (!secret || !payload) { | ||
throw new TypeError( | ||
"[@octokit/webhooks-methods] secret & payload required for sign()" | ||
); | ||
} | ||
if (!Object.values(Algorithm).includes(algorithm)) { | ||
throw new TypeError( | ||
`[@octokit/webhooks] Algorithm ${algorithm} is not supported. Must be 'sha1' or 'sha256'` | ||
); | ||
} | ||
const signature = await crypto.subtle.sign( | ||
"HMAC", | ||
await importKey(secret, algorithm), | ||
enc.encode(payload) | ||
); | ||
return `${algorithm}=${UInt8ArrayToHex(signature)}`; | ||
} | ||
async function verify(secret, eventPayload, signature) { | ||
if (!secret || !eventPayload || !signature) { | ||
throw new TypeError("[@octokit/webhooks-methods] secret, eventPayload & signature required"); | ||
} | ||
const algorithm = getAlgorithm(signature); | ||
return await crypto.subtle.verify("HMAC", await importKey(secret, algorithm), hexToUInt8Array(signature.replace(`${algorithm}=`, "")), enc.encode(eventPayload)); | ||
if (!secret || !eventPayload || !signature) { | ||
throw new TypeError( | ||
"[@octokit/webhooks-methods] secret, eventPayload & signature required" | ||
); | ||
} | ||
const algorithm = getAlgorithm(signature); | ||
return await crypto.subtle.verify( | ||
"HMAC", | ||
await importKey(secret, algorithm), | ||
hexToUInt8Array(signature.replace(`${algorithm}=`, "")), | ||
enc.encode(eventPayload) | ||
); | ||
} | ||
export { sign, verify }; | ||
//# sourceMappingURL=index.js.map | ||
export { | ||
sign, | ||
verify | ||
}; |
{ | ||
"name": "@octokit/webhooks-methods", | ||
"publishConfig": { | ||
"access": "public" | ||
}, | ||
"version": "3.0.3", | ||
"description": "Methods to handle GitHub Webhook requests", | ||
"version": "3.0.2", | ||
"license": "MIT", | ||
"files": [ | ||
"dist-*/", | ||
"bin/" | ||
], | ||
"pika": true, | ||
"sideEffects": false, | ||
"repository": "github:octokit/webhooks-methods.js", | ||
"keywords": [ | ||
@@ -18,31 +15,45 @@ "github", | ||
], | ||
"repository": "github:octokit/webhooks-methods.js", | ||
"dependencies": {}, | ||
"peerDependencies": {}, | ||
"author": "Gregor Martynus (https://dev.to/gr2m)", | ||
"license": "MIT", | ||
"devDependencies": { | ||
"@gr2m/pika-plugin-build-web": "^0.6.0-issue-84.2", | ||
"@octokit/tsconfig": "^1.0.2", | ||
"@pika/pack": "^0.5.0", | ||
"@pika/plugin-build-node": "^0.9.2", | ||
"@pika/plugin-ts-standard-pkg": "^0.9.2", | ||
"@types/jest": "^29.0.0", | ||
"@types/node": "^18.0.0", | ||
"esbuild": "^0.17.19", | ||
"glob": "^10.2.6", | ||
"jest": "^29.0.0", | ||
"prettier": "2.8.2", | ||
"puppeteer": "^19.0.0", | ||
"semantic-release": "^20.0.0", | ||
"prettier": "2.8.8", | ||
"puppeteer": "^20.0.0", | ||
"semantic-release": "^21.0.0", | ||
"semantic-release-plugin-update-version-in-files": "^1.1.0", | ||
"ts-jest": "^29.0.0", | ||
"typescript": "^4.2.4" | ||
"typescript": "^5.0.0" | ||
}, | ||
"jest": { | ||
"preset": "ts-jest", | ||
"coverageThreshold": { | ||
"global": { | ||
"statements": 100, | ||
"branches": 100, | ||
"functions": 100, | ||
"lines": 100 | ||
} | ||
}, | ||
"testPathIgnorePatterns": [ | ||
"<rootDir>/node_modules/", | ||
"<rootDir>/test/deno/" | ||
] | ||
}, | ||
"engines": { | ||
"node": ">= 14" | ||
}, | ||
"publishConfig": { | ||
"access": "public" | ||
}, | ||
"source": "dist-src/index.js", | ||
"files": [ | ||
"dist-*/**" | ||
], | ||
"main": "dist-node/index.js", | ||
"browser": "dist-web/index.js", | ||
"types": "dist-types/index.d.ts", | ||
"main": "dist-node/index.js", | ||
"module": "dist-web/index.js" | ||
"module": "dist-src/index.js", | ||
"sideEffects": false | ||
} |
@@ -17,2 +17,3 @@ # webhooks-methods.js | ||
- [`verify()`](#verify) | ||
- [`verifyWithFallback()`](#verifyWithFallback) | ||
- [Contributing](#contributing) | ||
@@ -44,2 +45,3 @@ - [License](#license) | ||
verify, | ||
verifyWithFallback, | ||
} from "https://cdn.skypack.dev/@octokit/webhooks-methods"; | ||
@@ -59,3 +61,7 @@ </script> | ||
```js | ||
const { sign, verify } = require("@octokit/webhooks-methods"); | ||
const { | ||
sign, | ||
verify, | ||
verifyWithFallback, | ||
} = require("@octokit/webhooks-methods"); | ||
``` | ||
@@ -76,2 +82,5 @@ | ||
// resolves with true or false | ||
await verifyWithFallback("mysecret", eventPayloadString, "sha256=486d27...", ["oldsecret", ...]); | ||
// resolves with true or false | ||
``` | ||
@@ -191,2 +200,74 @@ | ||
### `verifyWithFallback()` | ||
```js | ||
await verifyWithFallback( | ||
secret, | ||
eventPayloadString, | ||
signature, | ||
additionalSecrets | ||
); | ||
``` | ||
<table width="100%"> | ||
<tr> | ||
<td> | ||
<code> | ||
secret | ||
</code> | ||
<em>(String)</em> | ||
</td> | ||
<td> | ||
<strong>Required.</strong> | ||
Secret as configured in GitHub Settings. | ||
</td> | ||
</tr> | ||
<tr> | ||
<td> | ||
<code> | ||
eventPayloadString | ||
</code> | ||
<em> | ||
(String) | ||
</em> | ||
</td> | ||
<td> | ||
<strong>Required.</strong> | ||
Webhook request payload as received from GitHub.<br> | ||
<br> | ||
If you have only access to an already parsed object, stringify it with <code>JSON.stringify(payload)</code> | ||
</td> | ||
</tr> | ||
<tr> | ||
<td> | ||
<code> | ||
signature | ||
</code> | ||
<em> | ||
(String) | ||
</em> | ||
</td> | ||
<td> | ||
<strong>Required.</strong> | ||
Signature string as calculated by <code><a href="../sign">sign()</a></code>. | ||
</td> | ||
</tr> | ||
<tr> | ||
<td> | ||
<code> | ||
additionalSecrets | ||
</code> | ||
<em> | ||
(Array of String) | ||
</em> | ||
</td> | ||
<td> | ||
If given, each additional secret will be tried in turn. | ||
</td> | ||
</tr> | ||
</table> | ||
This is a thin wrapper around [`verify()`](#verify) that is intended to ease callers' support for key rotation. | ||
Resolves with `true` or `false`. Throws error if a required argument is missing. | ||
## Contributing | ||
@@ -193,0 +274,0 @@ |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
No contributors or author data
MaintenancePackage does not specify a list of contributors or an author in package.json.
Found 1 instance in 1 package
28723
13
377
1
275
1