@idealite/web-services
Comprehensive web services library with webhook system and Mux integration
// CommonJS module prologue (looks compiler-generated — presumably transpiled output; confirm against the package sources).
// Marks the module with the __esModule interop flag, then pre-declares both exported names as
// undefined so they exist on `exports` before the class definitions below are assigned to them.
Object.defineProperty(exports, "__esModule", { value: true });
exports.SimpleWebhookVerifier = exports.HmacWebhookVerifier = void 0;
const crypto_1 = require("crypto");
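/**
 * HMAC-SHA256 webhook signature verifier.
 *
 * Recomputes the hex HMAC-SHA256 of the payload under the shared secret and
 * compares it with the signature supplied by the sender.
 *
 * Notes for integrators:
 * - The payload must be the exact bytes/text the sender signed. A body that has
 *   been parsed and re-serialised will generally not produce the same digest.
 * - The expected digest is lowercase hex; only a leading lowercase "sha256="
 *   prefix is stripped. A signature in another encoding or case will not match.
 * - Only the payload is authenticated. Nothing here inspects timestamps or
 *   delivery ids, so replay protection has to be enforced by the caller.
 */
class HmacWebhookVerifier {
  /**
   * Verify a webhook signature using HMAC-SHA256.
   *
   * Fails closed: any missing input or internal error yields `false`
   * rather than an exception.
   *
   * @param {string|Buffer} payload - Raw request body as received.
   * @param {string} signature - Hex signature, optionally prefixed with "sha256=".
   * @param {string|Buffer} secret - Shared signing secret.
   * @returns {boolean} `true` only when the signature matches the payload.
   */
  verify(payload, signature, secret) {
    // A missing or non-string signature header is an ordinary rejection, not an
    // exceptional condition; reject it without logging a stack trace per request.
    if (typeof signature !== 'string' || signature.length === 0) {
      return false;
    }
    // An empty key is accepted by HMAC, which would make the signature computable
    // by anyone. Treat an unset/empty secret as a misconfiguration and reject.
    if (secret == null || secret.length === 0) {
      console.error('Webhook signature verification error: signing secret is not configured');
      return false;
    }
    try {
      // Remove the optional "sha256=" scheme prefix from the supplied signature.
      const cleanSignature = signature.replace(/^sha256=/, '');
      // Recompute the signature the sender should have produced.
      const expectedSignature = (0, crypto_1.createHmac)('sha256', secret)
        .update(payload, 'utf8')
        .digest('hex');
      return this.timingSafeEqual(cleanSignature, expectedSignature);
    } catch (error) {
      // The error object is logged, never the secret or the expected digest.
      console.error('Webhook signature verification error:', error);
      return false;
    }
  }

  /**
   * Compare two strings without short-circuiting on the first differing character.
   *
   * Delegates to the standard library's constant-time buffer comparison instead
   * of a hand-written loop. A length mismatch returns early; in `verify` the
   * expected value is always a 64-character hex digest, so the length itself
   * carries no secret information.
   *
   * @param {string} a - First string.
   * @param {string} b - Second string.
   * @returns {boolean} `true` when both strings are identical.
   */
  timingSafeEqual(a, b) {
    if (typeof a !== 'string' || typeof b !== 'string') {
      return false;
    }
    // utf16le stores each UTF-16 code unit as-is, so buffer equality is exactly
    // string equality (no normalisation or replacement characters involved).
    const left = Buffer.from(a, 'utf16le');
    const right = Buffer.from(b, 'utf16le');
    if (left.length !== right.length) {
      return false;
    }
    return (0, crypto_1.timingSafeEqual)(left, right);
  }
}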
// Publish the HMAC verifier class on the CommonJS exports object.
exports.HmacWebhookVerifier = HmacWebhookVerifier;
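/**
 * Simple webhook signature verifier for testing/development.
 *
 * The "signature" is the Base64 encoding of `payload + secret`. That is an
 * encoding, not a MAC:
 * - Base64 is reversible, so every signature contains the secret in recoverable
 *   form. Treat any signature produced here as disclosing the secret.
 * - Plain concatenation has no boundary between payload and secret, so
 *   different (payload, secret) pairs can yield the same signature.
 *
 * Use HMAC-based verification for anything that receives real traffic.
 */
class SimpleWebhookVerifier {
  /**
   * Verify a webhook signature against the Base64 test signature.
   *
   * @param {string} payload - Request body.
   * @param {string} signature - Signature supplied by the sender.
   * @param {string} secret - Shared secret.
   * @returns {boolean} `true` when the supplied signature equals the expected one.
   */
  verify(payload, signature, secret) {
    const expectedSignature = this.generateSignature(payload, secret);
    if (typeof signature !== 'string' || typeof expectedSignature !== 'string') {
      return false;
    }
    // Compare via the standard library's constant-time primitive instead of `===`.
    // utf16le keeps each code unit as-is, so this is exact string equality.
    const supplied = Buffer.from(signature, 'utf16le');
    const expected = Buffer.from(expectedSignature, 'utf16le');
    if (supplied.length !== expected.length) {
      return false;
    }
    return (0, crypto_1.timingSafeEqual)(supplied, expected);
  }

  /**
   * Generate the simple signature (for testing/development only).
   *
   * The output format is unchanged so existing fixtures keep working; see the
   * class comment for why it must not protect production endpoints.
   *
   * @param {string} payload - Request body.
   * @param {string} secret - Shared secret.
   * @returns {string} Base64 of the concatenated payload and secret.
   */
  generateSignature(payload, secret) {
    return Buffer.from(payload + secret).toString('base64');
  }
}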
// Publish the simple verifier class on the CommonJS exports object.
// NOTE(review): it is exported unconditionally alongside the HMAC verifier, so nothing at
// module level stops it from being selected outside test/development code.
exports.SimpleWebhookVerifier = SimpleWebhookVerifier;
;