
gocardless-nodejs - npm Package Compare versions

Comparing version 3.25.0 to 3.26.0

2

constants.d.ts

@@ -5,4 +5,4 @@ declare enum Environments {

}
declare const CLIENT_VERSION = "3.25.0";
declare const CLIENT_VERSION = "3.26.0";
declare const API_VERSION = "2015-07-06";
export { Environments, CLIENT_VERSION, API_VERSION };

@@ -9,3 +9,3 @@ 'use strict';

})(Environments || (exports.Environments = Environments = {}));
const CLIENT_VERSION = '3.25.0';
const CLIENT_VERSION = '3.26.0';
exports.CLIENT_VERSION = CLIENT_VERSION;

@@ -12,0 +12,0 @@ const API_VERSION = '2015-07-06';

{
"name": "gocardless-nodejs",
"version": "3.25.0",
"version": "3.26.0",
"description": "Node.js client for the GoCardless API - a powerful, simple solution for the collection of recurring bank-to-bank payments",

@@ -29,4 +29,2 @@ "author": "GoCardless Ltd <client-libraries@gocardless.com>",

"uuid": "^7.0.2",
"crypto-js": "3.2.1",
"buffer-equal-constant-time": "1.0.1",
"qs": "^6.9.1"

@@ -46,4 +44,4 @@ },

"engines": {
"node": ">=10.0"
"node": ">=18.0"
}
}

@@ -12,2 +12,5 @@ /**

*/
/// <reference types="node" />
import crypto from 'crypto';
import { Event } from './types/Types';
declare function InvalidSignatureError(): void;

@@ -18,9 +21,20 @@ /**

*
* @body [string]: The raw webhook body.
* @webhookSecret [string]: The webhook endpoint secret for your webhook endpoint, as
* @body The raw webhook body.
* @webhookSecret The webhook endpoint secret for your webhook endpoint, as
* configured in your GoCardless Dashboard.
* @signatureHeader [string]: The signature included in the webhook request, as specified
* @signatureHeader The signature included in the webhook request, as specified
* by the `Webhook-Signature` header.
*/
declare function parse(body: string, webhookSecret: string, signatureHeader: string): any;
export { parse, InvalidSignatureError };
declare function parse(body: crypto.BinaryLike, webhookSecret: string, signatureHeader: string): Event[];
/**
* Validate the signature header. Note, we're using the `crypto.timingSafeEqual`
* library for the hash comparison, to protect against timing attacks.
*
* @body The raw webhook body.
* @webhookSecret The webhook endpoint secret for your webhook endpoint, as
* configured in your GoCardless Dashboard.
* @signatureHeader The signature included in the webhook request, as specified
* by the `Webhook-Signature` header.
*/
declare function verifySignature(body: crypto.BinaryLike, webhookSecret: string, signatureHeader: string): void;
export { parse, verifySignature, InvalidSignatureError };
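Review bot: The new `parse` declaration accepts any `crypto.BinaryLike`, but the implementation shown in the webhooks.js section of this page converts non-string bodies with `body.toString()`, which only yields the JSON text for a `Buffer`; a plain `Uint8Array` or a `DataView` would pass the HMAC check and then fail or mis-parse in `JSON.parse`. Either narrow the parameter, `declare function parse(body: string | Buffer, webhookSecret: string, signatureHeader: string): Event[];`, or decode the view's bytes explicitly in the implementation. The `Event[]` return type is not checked at runtime as far as the visible code shows, so a verified body without an `events` array would come back as `undefined` despite the declared type. The doc block for `verifySignature` should also gain a `@throws InvalidSignatureError` line, since throwing is the only way it reports a failed check.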

@@ -17,5 +17,4 @@ "use strict";

Object.defineProperty(exports, "__esModule", { value: true });
exports.InvalidSignatureError = exports.parse = void 0;
const crypto_js_1 = __importDefault(require("crypto-js"));
const buffer_equal_constant_time_1 = __importDefault(require("buffer-equal-constant-time"));
exports.InvalidSignatureError = exports.verifySignature = exports.parse = void 0;
const crypto_1 = __importDefault(require("crypto"));
function InvalidSignatureError() {

@@ -31,6 +30,6 @@ this.message =

*
* @body [string]: The raw webhook body.
* @webhookSecret [string]: The webhook endpoint secret for your webhook endpoint, as
* @body The raw webhook body.
* @webhookSecret The webhook endpoint secret for your webhook endpoint, as
* configured in your GoCardless Dashboard.
* @signatureHeader [string]: The signature included in the webhook request, as specified
* @signatureHeader The signature included in the webhook request, as specified
* by the `Webhook-Signature` header.

@@ -40,24 +39,29 @@ */

verifySignature(body, webhookSecret, signatureHeader);
const eventsData = JSON.parse(body)['events'];
return eventsData.map(eventJson => eventJson);
const bodyString = typeof body === 'string' ? body : body.toString();
const eventsData = JSON.parse(bodyString);
return eventsData.events;
}
exports.parse = parse;
/**
* Validate the signature header. Note, we're using the `buffer-equal-constant-time`
* Validate the signature header. Note, we're using the `crypto.timingSafeEqual`
* library for the hash comparison, to protect against timing attacks.
*
* @body [string]: The raw webhook body.
* @webhookSecret [string]: The webhook endpoint secret for your webhook endpoint, as
* @body The raw webhook body.
* @webhookSecret The webhook endpoint secret for your webhook endpoint, as
* configured in your GoCardless Dashboard.
* @signatureHeader [string]: The signature included in the webhook request, as specified
* @signatureHeader The signature included in the webhook request, as specified
* by the `Webhook-Signature` header.
*/
function verifySignature(body, webhookSecret, signatureHeader) {
const rawDigest = crypto_js_1.default.HmacSHA256(body, webhookSecret);
const bufferDigest = Buffer.from(rawDigest.toString(crypto_js_1.default.enc.Hex));
const bufferSignatureHeader = Buffer.from(signatureHeader);
if (!(0, buffer_equal_constant_time_1.default)(bufferDigest, bufferSignatureHeader)) {
const bufferDigest = crypto_1.default
.createHmac('sha256', webhookSecret)
.update(body)
.digest();
const bufferSignatureHeader = Buffer.from(signatureHeader, 'hex');
if (bufferDigest.length !== bufferSignatureHeader.length ||
!crypto_1.default.timingSafeEqual(bufferDigest, bufferSignatureHeader)) {
throw new InvalidSignatureError();
}
}
exports.verifySignature = verifySignature;
//# sourceMappingURL=webhooks.js.map
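Review bot: `Buffer.from(signatureHeader, 'hex')` in the new `verifySignature` decodes leniently: Node stops at the first non-hex character and drops the rest, so a header consisting of the correct 64-character digest followed by trailing text still decodes to 32 bytes and passes both the length check and `timingSafeEqual`. The previous code appears to have compared the header's raw bytes against the hex digest string, so this change loosens what counts as a matching header; it does not let anyone produce a valid signature without the secret, but the accepted value is no longer canonical. A strict format check before decoding restores that: `if (typeof signatureHeader !== 'string' || !/^[0-9a-f]{64}$/i.test(signatureHeader)) throw new InvalidSignatureError();`. The same guard turns a missing header into `InvalidSignatureError` instead of the `TypeError` that `Buffer.from(undefined, 'hex')` raises, which matters to callers that catch only the former.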

Sorry, the diff of this file is not supported yet
