octoflare - npm Package Compare versions

Comparing version 0.3.0 to 0.3.1

dist/index.d.ts

 export { octoflare } from './octoflare.js';
-export type { OctoflareHandler } from './types/OctoflareHandler.js';
+export type * from './types/index.js';

dist/octoflare.d.ts

@@ -1,5 +0,5 @@
-import { InternalEnv } from './types/InternalEnv.js';
+import { OctoflareEnv } from './types/OctoflareEnv.js';
 import { OctoflareHandler } from './types/OctoflareHandler.js';
-export declare const octoflare: <Env extends InternalEnv>(handler: OctoflareHandler<Env>) => {
+export declare const octoflare: <Env extends OctoflareEnv = OctoflareEnv>(handler: OctoflareHandler<Env>) => {
     fetch(request: Request, env: Env): Promise<Response>;
 };

dist/octoflare.js

 import { attempt } from '@jill64/attempt';
+import crypto from 'node:crypto';
 import { App } from 'octokit';
-import { verifyRequest } from './verifyRequest.js';
 export const octoflare = (handler) => ({
     async fetch(request, env) {
+        const { headers, method } = request;
+        if (method === 'GET' || method === 'HEAD') {
+            return new Response(null, {
+                status: 204
+            });
+        }
+        if (method !== 'POST') {
+            return new Response(null, {
+                status: 405,
+                headers: {
+                    Allow: 'GET, HEAD, POST'
+                }
+            });
+        }
         const body = await request.text();
-        const invalidResponse = verifyRequest({ body, request, env });
-        if (invalidResponse) {
-            return invalidResponse;
+        const signature = crypto
+            .createHmac('sha256', env.OCTOFLARE_WEBHOOK_SECRET)
+            .update(body)
+            .digest('hex');
+        if (`sha256=${signature}` !== headers.get('X-Hub-Signature-256')) {
+            return new Response(null, {
+                status: 403
+            });
         }
@@ -11,0 +30,0 @@ const payload = JSON.parse(body);

dist/types/OctoflareHandler.d.ts

 import { WebhookEvent } from '@octokit/webhooks-types';
 import { App } from 'octokit';
-import { InternalEnv } from './InternalEnv.js';
-export type OctoflareHandler<Env extends InternalEnv = InternalEnv> = (context: {
+import { OctoflareEnv } from './OctoflareEnv.js';
+export type OctoflareHandler<Env extends OctoflareEnv = OctoflareEnv> = (context: {
     request: Request;
@@ -6,0 +6,0 @@ env: Env;

package.json

 {
   "name": "octoflare",
-  "version": "0.3.0",
+  "version": "0.3.1",
   "description": "A framework for building GitHub Apps with Cloudflare Worker",
@@ -5,0 +5,0 @@ "type": "module",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Worsened metrics

Total package byte prevSize

6462

decreased by-3.97%

Lines of code

71

decreased by-13.41%

No dependency changes