@kyuzan/mountain-webhook-sdk/dist/index.cjs

Webhook signature verification SDK for MOUNTAIN platform

"use strict";var l=Object.defineProperty;var h=Object.getOwnPropertyDescriptor;var E=Object.getOwnPropertyNames;var S=Object.prototype.hasOwnProperty;var k=(e,t)=>{for(var o in t)l(e,o,{get:t[o],enumerable:!0})},b=(e,t,o,i)=>{if(t&&typeof t=="object"||typeof t=="function")for(let r of E(t))!S.call(e,r)&&r!==o&&l(e,r,{get:()=>t[r],enumerable:!(i=h(t,r))||i.enumerable});return e};var y=e=>b(l({},"__esModule",{value:!0}),e);var R={};k(R,{MountainWebhookSdk:()=>n,getEventFromRequest:()=>c,initializeSDK:()=>x});module.exports=y(R);var a=(e,...t)=>{console.log(`[SDK] ${e}`,...t)};var u=require("crypto"),V="whsec_";function w(e,t,o,i=300){a("validateEvent");try{if(!e)return{isValid:!1,error:"No signature found in request"};let[r,s]=e.split(",");if(!r||!s)return{isValid:!1,error:"Invalid signature format"};let f=parseInt(r.replace("t=","")),m=s.replace("v1=",""),d=Math.floor(Date.now()/1e3);if(Math.abs(d-f)>i)return{isValid:!1,error:"Signature timestamp is outside of tolerance window"};let p=o.split(V);if(p.length!==2)return{isValid:!1,error:"Invalid webhook secret"};let g=p[1],v=(0,u.createHmac)("sha256",g).update(`${f}.${t}`).digest("hex");return m!==v?{isValid:!1,error:"Signature verification failed"}:{isValid:!0,payload:JSON.parse(t)}}catch(r){return{isValid:!1,error:r instanceof Error?r.message:"Unknown error"}}}function c(e,t,o,i=300){try{let r=t.headers["x-mountain-signature"],s=typeof t.body=="string"?t.body:JSON.stringify(t.body);return w(r,s,o,i)}catch(r){return{isValid:!1,error:r instanceof Error?r.message:"Unknown error"}}}var n=class e{constructor(t){this.getEventFromRequest=c.bind(null,this);this.options=t,a("initializeSDK",t)}static initialize(t={}){return new e(t)}};var x=n.initialize;0&&(module.exports={MountainWebhookSdk,getEventFromRequest,initializeSDK});