alexa-verifier - npm Package Compare versions

Comparing version 0.1.1 to 0.1.2

index.js

@@ -8,9 +8,7 @@ var crypto    = require('crypto')
 var validator = require('validator')
+var validateCertUri = require('./validate-cert-uri')
 
 
-// global constants
+// constants
 var TIMESTAMP_TOLERANCE = 150
-var VALID_CERT_HOSTNAME = 's3.amazonaws.com'
-var VALID_CERT_PATH_START = '/echo.api/'
-var VALID_CERT_PORT = '443'
 var SIGNATURE_FORMAT = 'base64'
@@ -92,20 +90,2 @@
 
-// parse a certificate and check it's contents for validity
-function validateCertUri(cert_uri) {
-  if (cert_uri.protocol !== 'https:') {
-    return "Certificate URI MUST be https: " + cert_uri
-  }
-  if (cert_uri.port && (cert_uri.port !== VALID_CERT_PORT)) {
-    return "Certificate URI port MUST be " + VALID_CERT_PORT + ", was: " + cert_uri.port
-  }
-  if (cert_uri.hostname !== VALID_CERT_HOSTNAME) {
-    return "Certificate URI hostname must be " + VALID_CERT_HOSTNAME + ": " + cert_uri.hostname
-  }
-  if (cert_uri.path.indexOf(VALID_CERT_PATH_START) !== 0) {
-    return "Certificate URI path must start with " + VALID_CERT_PATH_START + ": " + cert_uri
-  }
-  return true
-}
-
-
 // returns true if the signature for the request body is valid, false otherwise
@@ -146,3 +126,3 @@ function validateSignature(pem_cert, signature, requestBody) {
 // certificate validator express middleware for amazon echo
-var verifier = module.exports = function(cert_url, signature, requestBody, callback) {
+module.exports = function verifier(cert_url, signature, requestBody, callback) {
   var er
@@ -182,4 +162,1 @@ if (cert_url == null) {
 }
-
-// Export to make unit testing easier:
-verifier.validateCertUri = validateCertUri

package.json

 {
   "name": "alexa-verifier",
-  "version": "0.1.1",
+  "version": "0.1.2",
   "description": "Verify HTTP requests sent to an Alexa skill are sent from Amazon",
@@ -5,0 +5,0 @@ "main": "index.js",

test/index.js

 var test     = require('tap').test
-var unroll   = require('unroll')
-unroll.use(test)
-
 var url      = require('url')
 var verifier = require('../')
 
-unroll('verifier.validateCertUri should be #valid for #url',
-  function(t, testArgs) {
-    var cert_uri = url.parse(testArgs['url'])
-    var result = verifier.validateCertUri(cert_uri)
-    var valid = testArgs['valid']
-    t.notEqual(valid, undefined)
-    if (valid === true) {
-      t.equal(result, true)
-    } else {
-      // I don't care too much about the error message, so do negated
-      // comparison with 'true':
-      t.notEqual(result, true)
-    }
-    t.end()
-  },
-  [
-    ['valid', 'url'],
-    [true, 'https://s3.amazonaws.com/echo.api/echo-api-cert.pem'],
-    [true, 'HTTPS://s3.amazonaws.com/echo.api/echo-api-cert.pem'],
-    [true, 'https://S3.AMAZONAWS.COM/echo.api/echo-api-cert.pem'],
-    [true, 'https://s3.amazonaws.com:443/echo.api/echo-api-cert.pem'],
-    [true, 'https://s3.amazonaws.com/echo.api/../echo.api/echo-api-cert.pem'],
-    [false, 'http://s3.amazonaws.com/echo.api/echo-api-cert.pem'],  // (invalid protocol)
-    [false, 'https://notamazon.com/echo.api/echo-api-cert.pem'],  // (invalid hostname)
-    [false, 'https://s3.amazonaws.com/EcHo.aPi/echo-api-cert.pem'],  // (invalid path)
-    [false, 'https://s3.amazonaws.com/invalid.path/echo-api-cert.pem'],  // (invalid path)
-    [false, 'https://s3.amazonaws.com:563/echo.api/echo-api-cert.pem']  // (invalid port)
-  ]
-)
 
-
 test('handle invalid cert_url parameter', function(t) {
@@ -40,0 +7,0 @@ var body, now, signature

Fixed alerts

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

13890

increased by0.66%

Number of package files

9

increased by28.57%

Lines of code

271

increased by1.12%

Number of medium supply chain risk alerts

0

decreased by-100%

No dependency changes