@kyuzan/mountain-webhook-sdk/dist/index.mjs

Webhook signature verification SDK for MOUNTAIN platform

var i=(e,...t)=>{console.log(`[SDK] ${e}`,...t)};import{createHmac as g}from"crypto";var v="whsec_";function h(e,t,s,a=300){i("validateEvent");try{if(!e)return{isValid:!1,error:"No signature found in request"};let[r,o]=e.split(",");if(!r||!o)return{isValid:!1,error:"Invalid signature format"};let l=parseInt(r.replace("t=","")),p=o.replace("v1=",""),u=Math.floor(Date.now()/1e3);if(Math.abs(u-l)>a)return{isValid:!1,error:"Signature timestamp is outside of tolerance window"};let c=s.split(v);if(c.length!==2)return{isValid:!1,error:"Invalid webhook secret"};let m=c[1],d=g("sha256",m).update(`${l}.${t}`).digest("hex");return p!==d?{isValid:!1,error:"Signature verification failed"}:{isValid:!0,payload:JSON.parse(t)}}catch(r){return{isValid:!1,error:r instanceof Error?r.message:"Unknown error"}}}function f(e,t,s,a=300){try{let r=t.headers["x-mountain-signature"],o=typeof t.body=="string"?t.body:JSON.stringify(t.body);return h(r,o,s,a)}catch(r){return{isValid:!1,error:r instanceof Error?r.message:"Unknown error"}}}var n=class e{constructor(t){this.getEventFromRequest=f.bind(null,this);this.options=t,i("initializeSDK",t)}static initialize(t={}){return new e(t)}};var O=n.initialize;export{n as MountainWebhookSdk,f as getEventFromRequest,O as initializeSDK};