🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
nestjs-supabase-webhooks
Advanced tools
nestjs-supabase-webhooks - npm Package Compare versions
Comparing version 1.0.2-next.11 to 1.1.0-next.1
@@ -19,2 +19,3 @@ "use strict"; | ||
| const supabase_decorators_1 = require("./supabase.decorators"); | ||
| const crypto = require("crypto"); | ||
| let SupabaseEventHandlerHeaderGuard = SupabaseEventHandlerHeaderGuard_1 = class SupabaseEventHandlerHeaderGuard { | ||
@@ -31,9 +32,17 @@ constructor(supabaseWebhookConfig) { | ||
| const request = context.switchToHttp().getRequest(); | ||
| const secretRequestHeader = request.headers[this.supabaseWebhookConfig.webhookConfig.headerName]; | ||
| console.log(secretRequestHeader); | ||
| const isAuthentic = secretRequestHeader === this.supabaseWebhookConfig.webhookConfig.secret; | ||
| if (!isAuthentic) { | ||
| const signature = request.headers[this.supabaseWebhookConfig.webhookConfig.headerName]; | ||
| const body = request === null || request === void 0 ? void 0 : request.rawBody; | ||
| const decodedSignature = Buffer.from(signature, 'base64'); | ||
| const calculatedSignature = crypto | ||
| .createHmac('sha256', this.supabaseWebhookConfig.webhookConfig.secret) | ||
| .update(body) | ||
| .digest(); | ||
| const hmacMatch = crypto.timingSafeEqual(decodedSignature, calculatedSignature); | ||
| if (!hmacMatch) { | ||
| this.logger.warn('Supabase Webhook Guard: Request could not be authentified.'); | ||
| return false; | ||
| } | ||
| else { | ||
| this.logger.log('Supabase Webhook Guard: Request authentified.'); | ||
| } | ||
| return true; | ||
@@ -40,0 +49,0 @@ } |
@@ -89,3 +89,3 @@ "use strict"; | ||
| if (this.supabaseModuleConfig.enableEventLogs) { | ||
| this.logger.log(`Received event for: ${keys}`); | ||
| this.logger.log(`[${evt === null || evt === void 0 ? void 0 : evt.type}] ${evt === null || evt === void 0 ? void 0 : evt.schema}.${evt === null || evt === void 0 ? void 0 : evt.table}`); | ||
| } | ||
@@ -92,0 +92,0 @@ if (handlers && handlers.length) { |
| { | ||
| "name": "nestjs-supabase-webhooks", | ||
| "version": "1.0.2-next.11", | ||
| "version": "1.1.0-next.1", | ||
| "description": "NestJS module for Supabase Database Webhooks", | ||
@@ -42,8 +42,8 @@ "author": "“Valentin <valentin@whatdafox.com> (http://twitter.com/valentinprngd)", | ||
| "devDependencies": { | ||
| "@commitlint/cli": "^18.2.0", | ||
| "@commitlint/config-conventional": "^18.1.0", | ||
| "@types/lodash": "^4.14.200", | ||
| "@types/node": "^20.8.10", | ||
| "@commitlint/cli": "^18.4.1", | ||
| "@commitlint/config-conventional": "^18.4.0", | ||
| "@types/lodash": "^4.14.201", | ||
| "@types/node": "^20.9.0", | ||
| "husky": "^8.0.3", | ||
| "semantic-release": "^22.0.6", | ||
| "semantic-release": "^22.0.7", | ||
| "ts-toolbelt": "^9.6.0", | ||
@@ -53,4 +53,6 @@ "typescript": "^5.2.2" | ||
| "peerDependencies": { | ||
| "@nestjs/common": "^10.2.8", | ||
| "@nestjs/core": "^10.2.8", | ||
| "express": "^4.18.2" | ||
| } | ||
| } |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
No alert changes
Improved metrics
- Total package byte prevSize
30524
3.42%- Lines of code
333
2.78%Worsened metrics
- Dependency count
7
40%No dependency changes