
paddle-sdk


paddle-sdk - npm Package Compare versions

Comparing version 1.0.0 to 1.1.0

lib/serialize.js

10

CHANGELOG.md

@@ -5,2 +5,12 @@ # Change Log

<a name="1.1.0"></a>
# [1.1.0](https://github.com/avaly/paddle-sdk/compare/v1.0.0...v1.1.0) (2017-11-20)
### Features
* Verify Webhook Alerts :tada: ([d343da2](https://github.com/avaly/paddle-sdk/commit/d343da2))
<a name="1.0.0"></a>

@@ -7,0 +17,0 @@ # 1.0.0 (2017-11-19)

11

package.json
{
"name": "paddle-sdk",
"description": "The Paddle.com Node.js SDK",
"version": "1.0.0",
"version": "1.1.0",
"main": "sdk.js",

@@ -16,10 +16,12 @@ "author": "Valentin Agachi <github-com@agachi.name>",

"files": [
"sdk.js"
"sdk.js",
"lib/"
],
"scripts": {
"commitmsg": "validate-commit-msg",
"docs": "jsdoc2md --partial docs/main.hbs --helper docs/helpers.js --files sdk.js > Documenation.md",
"docs": "jsdoc2md --partial docs/main.hbs --helper docs/helpers.js --files sdk.js > Documentation.md",
"lint": "eslint . --cache --fix --ignore-pattern '!.eslintrc.js'",
"pretty": "prettier --write --list-different \"**/*.js\"",
"precommit": "yarn docs && git add Documenation.md && lint-staged",
"precommit": "lint-staged",
"release": "yarn docs && git add Documentation.md && standard-version -a",
"test:jest": "jest",

@@ -29,3 +31,2 @@ "test:watch": "jest --watch",

"test": "npm run test:jest",
"version": "standard-version",
"pretest": "npm run lint"

@@ -32,0 +33,0 @@ },

@@ -0,3 +1,6 @@

const crypto = require('crypto');
const got = require('got');
const pkg = require('./package.json');
const serialize = require('./lib/serialize');

@@ -11,3 +14,4 @@ const SERVER_URL = 'https://vendors.paddle.com/api/2.0';

* @param {string} vendorID - The vendor ID for a Paddle account
* @param {string} apiKey - The API Key for a Paddle account
* @param {string} apiKey - The API key for a Paddle account
* @param {string} [publicKey] - The public key for a Paddle account used to verify webhooks, only required for `verifyWebhookData`
* @param {object} [options]

@@ -17,7 +21,9 @@ * @param {string} [options.server=vendors.paddle.com/api/2.0] - The server URL prefix for all requests

* @example
* const client = new PaddleSDK('your-unique-api-key-here');
* const client = new PaddleSDK('your-vendor-id', 'your-unique-api-key');
* const client = new PaddleSDK('your-vendor-id', 'your-unique-api-key', 'your-public-key');
*/
constructor(vendorID, apiKey, options) {
constructor(vendorID, apiKey, publicKey, options) {
this.vendorID = vendorID || 'MISSING';
this.apiKey = apiKey || 'MISSING';
this.publicKey = publicKey || 'MISSING';
this.server = (options && options.server) || SERVER_URL;

@@ -237,4 +243,46 @@ }

}
/**
* Verify a webhook alert data using signature and a public key to validate that
* it was indeed sent from Paddle.
*
* For more details: https://paddle.com/docs/reference-verifying-webhooks
*
* @method
* @param {Object} postData The object with all the parameters sent to the webhook
* @return {boolean}
*
* @example
* const client = new PaddleSDK('your-vendor-id', 'your-unique-api-key', 'your-public-key');
*
* // inside an Express handler which uses express.bodyParser middleware
* const isVerified = client.verifyWebhookData(req.body);
*/
verifyWebhookData(postData) {
const signature = postData.p_signature;
const keys = Object.keys(postData)
.filter(key => key !== 'p_signature')
.sort();
const sorted = {};
keys.forEach(key => {
sorted[key] = postData[key];
});
// PHP style serialize! :O
const serialized = serialize(sorted);
try {
const verifier = crypto.createVerify('sha1');
verifier.write(serialized);
verifier.end();
return verifier.verify(this.publicKey, signature, 'base64');
} catch (err) {
return false;
}
}
}
module.exports = PaddleSDK;
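Review bot: In `verifyWebhookData`, the `postData.p_signature` read and the `Object.keys(postData)` call sit above the `try`, so a request whose body was not parsed throws a TypeError out of the caller's handler instead of returning `false` like every other verification failure. A guard as the first statement, `if (!postData || typeof postData.p_signature !== 'string') return false;`, keeps the method fail-closed for malformed input. The bare `catch (err) { return false; }` also makes a missing key (the constructor stores the literal `'MISSING'`, which presumably fails inside `verifier.verify`) indistinguishable from a forged alert; a comment there such as `// fail closed: a missing or malformed public key also ends up here` would tell integrators where to look when every alert is rejected. The class body starts outside this hunk, and `lib/serialize.js` is not shown, so how non-string values are serialized could not be checked.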