twitter-autohook - npm Package Compare versions

Comparing version 1.7.1 to 1.7.2

cli.js

@@ -19,2 +19,3 @@ #!/usr/bin/env node
   .option('--consumer-secret <consumerSecret>', 'your OAuth consumer secret. (Env var: TWITTER_CONSUMER_SECRET)')
+  .option('--ngrok-secret <authToken>', 'your ngrok authtoken. (Env var: NGROK_AUTH_TOKEN)')
   .option('--env <env>', 'your Premium environment label as defined in https://developer.twitter.com/en/account/environments. (Env var: TWITTER_WEBHOOK_ENV)')
@@ -21,0 +22,0 @@ .option('--port <port>', 'port where the local HTTP server should run. Default: 1337. (Env var: PORT)')

client/index.js

 const needle = require('needle');
-const crypto = require('crypto');
 const package = require('../package.json');
-const { URL, URLSearchParams } = require('url');
 const { oauth } = require('../oauth');
-needle.defaults({user_agent: `${package.name}/${package.version}`})
+needle.defaults({user_agent: `${package.name}/${package.version}`});
 
 const auth = (method, url, options, body) => {
-  if (Object.prototype.toString.call(options) !== '[object Object]') {
+  try {
+    Reflect.getPrototypeOf(options);
+  } catch (e) {
     return {};
@@ -11,0 +11,0 @@ }

examples/standalone-server.js

@@ -55,3 +55,6 @@ const {Autohook, validateWebhook, validateSignature} = require('..');
   try {
-
+    const NGROK_AUTH_TOKEN = process.env.NGROK_AUTH_TOKEN;
+    if (NGROK_AUTH_TOKEN) {
+      await ngrok.authtoken(process.env.NGROK_AUTH_TOKEN);
+    }
     const url = await ngrok.connect(PORT);
@@ -58,0 +61,0 @@ const webhookURL = `${url}/standalone-server/webhook`;

index.js

 #!/usr/bin/env node
+/* global process, Buffer */
 const ngrok = require('ngrok');
@@ -48,5 +49,5 @@ const http = require('http');
   return _getSubscriptionsCount;
-}
+};
 
-const updateSubscriptionCount = increment => {
+const updateSubscriptionCount = (increment) => {
   if (!_getSubscriptionsCount) {
@@ -57,3 +58,3 @@ return;
   _getSubscriptionsCount.subscriptions_count += increment;
-}
+};
 
@@ -68,8 +69,8 @@ const deleteWebhooks = async (webhooks, auth, env) => {
       },
-    }
+    };
 
     console.log(`Removing ${url}…`);
-    const response = await del(requestConfig);
+    await del(requestConfig);
   }
-}
+};
 
@@ -79,3 +80,3 @@ const validateWebhook = (token, auth) => {
   return {response_token: `sha256=${responseToken}`};
-}
+};
 
@@ -97,3 +98,3 @@ const validateSignature = (header, auth, body) => {
     Buffer.from(signature));
-}
+};
 
@@ -118,3 +119,3 @@ const verifyCredentials = async (auth) => {
   return response.body.screen_name;
-}
+};
 
@@ -127,2 +128,3 @@ class Autohook extends EventEmitter {
     consumer_secret = (process.env.TWITTER_CONSUMER_SECRET || '').trim(),
+    ngrok_secret = (process.env.NGROK_AUTH_TOKEN || '').trim(),
     env = (process.env.TWITTER_WEBHOOK_ENV || '').trim(),
@@ -133,3 +135,3 @@ port = process.env.PORT || DEFAULT_PORT,
 
-    Object.entries({token, token_secret, consumer_key, consumer_secret, env, port}).map(el => {
+    Object.entries({token, token_secret, consumer_key, consumer_secret, env, port}).map((el) => {
       const [key, value] = el;
@@ -143,2 +145,3 @@ if (!value) {
     this.auth = {token, token_secret, consumer_key, consumer_secret};
+    this.ngrokSecret = ngrok_secret;
     this.env = env;
@@ -162,3 +165,3 @@ this.port = port;
             return;
-          };
+          }
         } catch (e) {
@@ -174,3 +177,3 @@ console.error(e);
         let body = '';
-        req.on('data', chunk => {
+        req.on('data', (chunk) => {
           body += chunk.toString();
@@ -183,3 +186,3 @@ });
               return;
-            };
+            }
           } catch (e) {
@@ -213,3 +216,3 @@ console.error(e);
       },
-    }
+    };
   
@@ -221,5 +224,5 @@ const response = await post(requestConfig);
       (response) => new URIError(response, [
-        `Cannot get webhooks. Please check that '${env}' is a valid environment defined in your`,
-        `Developer dashboard at https://developer.twitter.com/en/account/environments, and that`,
-        `your OAuth credentials are valid and can access '${env}'. (HTTP status: ${response.statusCode})`].join(' '))
+        `Cannot get webhooks. Please check that '${this.env}' is a valid environment defined in your`,
+        'Developer dashboard at https://developer.twitter.com/en/account/environments, and that',
+        `your OAuth credentials are valid and can access '${this.env}'. (HTTP status: ${response.statusCode})`].join(' '))
     );
@@ -241,2 +244,3 @@
     } catch (e) {
+      token = null;
       throw e;
@@ -257,3 +261,3 @@ }
         `Cannot get webhooks. Please check that '${this.env}' is a valid environment defined in your`,
-        `Developer dashboard at https://developer.twitter.com/en/account/environments, and that`,
+        'Developer dashboard at https://developer.twitter.com/en/account/environments, and that',
         `your OAuth credentials are valid and can access '${this.env}'. (HTTP status: ${response.statusCode})`].join(' ')));
@@ -281,2 +285,5 @@
       this.startServer();
+      if (this.ngrokSecret) {
+        await ngrok.authtoken(this.ngrokSecret);
+      }
       const url = await ngrok.connect(this.port);
@@ -289,3 +296,4 @@ webhookUrl = `${url}${WEBHOOK_ROUTE}`;
       console.log('Webhook created.');
-    } catch(e) {
+    } catch (e) {
+      console.log('Cannot create webhook:', e);
       throw e;
@@ -306,2 +314,3 @@ }
     } catch (e) {
+      screen_name = null;
       throw e;
@@ -308,0 +317,0 @@ }

package.json

 {
   "name": "twitter-autohook",
-  "version": "1.7.1",
+  "version": "1.7.2",
   "description": "Automatically setup and serve webhooks for the Twitter Account Activity API",
@@ -26,3 +26,6 @@ "repository": {
     "nock": "^12.0.2"
+  },
+  "devDependencies": {
+    "eslint": "^7.6.0"
   }
 }

README.md

@@ -69,2 +69,3 @@ # Autohook 🎣
 TWITTER_WEBHOOK_ENV= # https://developer.twitter.com/en/account/environments ➡️ One of 'Dev environment label' or 'Prod environment label'
+NGROK_AUTH_TOKEN= # https://ngrok.com/ - (optional) Create a free account to get your auth token for stable tunnels
 ```
@@ -86,5 +87,6 @@
 export TWITTER_WEBHOOK_ENV= # https://developer.twitter.com/en/account/environments ➡️ One of 'Dev environment label' or 'Prod environment label'
+export NGROK_AUTH_TOKEN= # https://ngrok.com/ - (optional) Create a free account to get your auth token for stable tunnels
 
 # To other services, e.g. Heroku
-heroku config:set TWITTER_CONSUMER_KEY=value TWITTER_CONSUMER_SECRET=value TWITTER_ACCESS_TOKEN=value TWITTER_ACCESS_TOKEN_SECRET=value TWITTER_WEBHOOK_ENV=value
+heroku config:set TWITTER_CONSUMER_KEY=value TWITTER_CONSUMER_SECRET=value TWITTER_ACCESS_TOKEN=value TWITTER_ACCESS_TOKEN_SECRET=value TWITTER_WEBHOOK_ENV=value NGROK_AUTH_TOKEN=value
 ```
@@ -103,2 +105,3 @@ ## Directly
   consumer_secret: 'value',
+  ngrok_secret: 'value', // optional
   env: 'env',
@@ -117,3 +120,4 @@ port: 1337
   --consumer-secret $TWITTER_CONSUMER_SECRET \
-  --env $TWITTER_WEBHOOK_ENV
+  --env $TWITTER_WEBHOOK_ENV \
+  --ngrok-secret $NGROK_AUTH_TOKEN # optional
 ```
@@ -120,0 +124,0 @@

New alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

60427

increased by20.61%

Number of package files

23

increased by4.55%

Lines of code

1444

increased by27.67%

Number of lines in readme file

130

increased by3.17%

Worsened metrics

Dev dependency count

1

increased byInfinity%

Number of low supply chain risk alerts

37

increased by8.82%

No dependency changes