New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
@saleor/app-sdk
Advanced tools
@saleor/app-sdk - npm Package Compare versions
Comparing version 0.5.0 to 0.6.0
@@ -0,1 +1,2 @@ | ||
| "use strict"; | ||
| var __defProp = Object.defineProperty; | ||
@@ -2,0 +3,0 @@ var __getOwnPropDesc = Object.getOwnPropertyDescriptor; |
@@ -0,1 +1,2 @@ | ||
| "use strict"; | ||
| var __create = Object.create; | ||
@@ -2,0 +3,0 @@ var __defProp = Object.defineProperty; |
@@ -7,3 +7,4 @@ import { Middleware } from 'retes'; | ||
| declare const withAuthTokenRequired: Middleware; | ||
| declare const withWebhookSignatureVerified: (secretKey?: string | undefined) => Middleware; | ||
| export { withAuthTokenRequired, withBaseURL, withSaleorDomainPresent, withSaleorEventMatch }; | ||
| export { withAuthTokenRequired, withBaseURL, withSaleorDomainPresent, withSaleorEventMatch, withWebhookSignatureVerified }; |
@@ -0,4 +1,7 @@ | ||
| "use strict"; | ||
| var __create = Object.create; | ||
| var __defProp = Object.defineProperty; | ||
| var __getOwnPropDesc = Object.getOwnPropertyDescriptor; | ||
| var __getOwnPropNames = Object.getOwnPropertyNames; | ||
| var __getProtoOf = Object.getPrototypeOf; | ||
| var __hasOwnProp = Object.prototype.hasOwnProperty; | ||
@@ -17,2 +20,3 @@ var __export = (target, all) => { | ||
| }; | ||
| var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target, mod)); | ||
| var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); | ||
@@ -26,5 +30,8 @@ | ||
| withSaleorDomainPresent: () => withSaleorDomainPresent, | ||
| withSaleorEventMatch: () => withSaleorEventMatch | ||
| withSaleorEventMatch: () => withSaleorEventMatch, | ||
| withWebhookSignatureVerified: () => withWebhookSignatureVerified | ||
| }); | ||
| module.exports = __toCommonJS(middleware_exports); | ||
| var import_crypto = __toESM(require("crypto")); | ||
| var jose = __toESM(require("jose")); | ||
| var import_response = require("retes/response"); | ||
@@ -36,2 +43,6 @@ | ||
| // src/urls.ts | ||
| var urlProtocol = (saleorDomain) => saleorDomain === "localhost:8000" ? "http" : "https"; | ||
| var jwksUrl = (saleorDomain) => `${urlProtocol(saleorDomain)}://${saleorDomain}/.well-known/jwks.json`; | ||
| // src/middleware.ts | ||
@@ -47,3 +58,6 @@ var withBaseURL = (handler) => async (request) => { | ||
| if (!saleor_domain) { | ||
| return import_response.Response.BadRequest({ success: false, message: "Missing Saleor domain header." }); | ||
| return import_response.Response.BadRequest({ | ||
| success: false, | ||
| message: "Missing Saleor domain header." | ||
| }); | ||
| } | ||
@@ -55,3 +69,6 @@ return handler(request); | ||
| if (receivedEvent !== expectedEvent) { | ||
| return import_response.Response.BadRequest({ success: false, message: "Invalid Saleor Event" }); | ||
| return import_response.Response.BadRequest({ | ||
| success: false, | ||
| message: "Invalid Saleor Event" | ||
| }); | ||
| } | ||
@@ -63,6 +80,49 @@ return handler(request); | ||
| if (!auth_token) { | ||
| return import_response.Response.BadRequest({ success: false, message: "Missing auth token." }); | ||
| return import_response.Response.BadRequest({ | ||
| success: false, | ||
| message: "Missing auth token." | ||
| }); | ||
| } | ||
| return handler(request); | ||
| }; | ||
| var withWebhookSignatureVerified = (secretKey = void 0) => { | ||
| return (handler) => async (request) => { | ||
| if (request.rawBody === void 0) { | ||
| return import_response.Response.InternalServerError({ | ||
| success: false, | ||
| message: "Request payload already parsed." | ||
| }); | ||
| } | ||
| const { | ||
| [SALEOR_DOMAIN_HEADER]: saleorDomain, | ||
| "saleor-signature": payloadSignature | ||
| } = request.headers; | ||
| if (secretKey !== void 0) { | ||
| const calculatedSignature = import_crypto.default.createHmac("sha256", secretKey).update(request.rawBody).digest("hex"); | ||
| if (calculatedSignature !== payloadSignature) { | ||
| return import_response.Response.BadRequest({ | ||
| success: false, | ||
| message: "Invalid signature." | ||
| }); | ||
| } | ||
| } else { | ||
| const [header, _, signature] = payloadSignature.split("."); | ||
| const jws = { | ||
| protected: header, | ||
| payload: request.rawBody, | ||
| signature | ||
| }; | ||
| const jwksKey = await jose.createRemoteJWKSet(new URL(jwksUrl(saleorDomain)))(header, payloadSignature); | ||
| try { | ||
| await jose.flattenedVerify(jws, jwksKey); | ||
| } catch { | ||
| return import_response.Response.BadRequest({ | ||
| success: false, | ||
| message: "Invalid signature." | ||
| }); | ||
| } | ||
| } | ||
| return handler(request); | ||
| }; | ||
| }; | ||
| // Annotate the CommonJS export names for ESM import in node: | ||
@@ -73,3 +133,4 @@ 0 && (module.exports = { | ||
| withSaleorDomainPresent, | ||
| withSaleorEventMatch | ||
| withSaleorEventMatch, | ||
| withWebhookSignatureVerified | ||
| }); |
| { | ||
| "name": "@saleor/app-sdk", | ||
| "version": "0.5.0", | ||
| "version": "0.6.0", | ||
| "description": "SDK for building great Saleor Apps", | ||
@@ -12,3 +12,4 @@ "types": "index.d.ts", | ||
| "graphql": "^16.5.0", | ||
| "retes": "^0.27.1" | ||
| "jose": "^4.8.3", | ||
| "retes": "^0.29.4" | ||
| }, | ||
@@ -15,0 +16,0 @@ "exports": { |
Sorry, the diff of this file is not supported yet
No alert changes
Improved metrics
- Total package byte prevSize
- increased by37.25%
20914
- Number of package files
- increased by30.77%
17
- Lines of code
- increased by46.96%
532
Worsened metrics
- Dependency count
- increased by33.33%
4
Dependency changes
+ Addedjose@^4.8.3
+ Addedjose@4.15.9(transitive)
+ Addedretes@0.29.4(transitive)
- Removedretes@0.27.2(transitive)
Updatedretes@^0.29.4