UNPKG

@papra/webhooks

Version:

Webhooks helper library for Papra, the document archiving platform.

github.com/papra-hq/papra

papra-hq/papra

180 lines (173 loc) 5.3 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
import { EventEmitter } from "tsee"; import { createId } from "@paralleldrive/cuid2"; import { ofetch } from "ofetch"; //#region src/handler/handler.errors.ts function createInvalidSignatureError() { return Object.assign(/* @__PURE__ */ new Error("[Papra Webhooks] Invalid signature"), { code: "webhook.invalid_signature" }); } function createUnsupportedSignatureVersionError() { return Object.assign(/* @__PURE__ */ new Error("[Papra Webhooks] Unsupported signature version, supported versions are \"v1\""), { code: "webhook.unsupported_signature_version" }); } function createInvalidSignatureFormatError() { return Object.assign(/* @__PURE__ */ new Error("[Papra Webhooks] Invalid signature format, unprocessable signature"), { code: "webhook.invalid_signature_format" }); } //#endregion //#region src/signature.ts const WEBHOOK_SIGNATURE_HMAC_VERSION = "v1"; function arrayBufferToBase64(arrayBuffer) { return btoa(String.fromCharCode(...new Uint8Array(arrayBuffer))); } function base64ToArrayBuffer(base64) { return new Uint8Array(atob(base64).split("").map((char) => char.charCodeAt(0))).buffer; } function createSignaturePayload({ serializedPayload, webhookId, timestamp }) { return `${webhookId}.${timestamp}.${serializedPayload}`; } async function hmacSign({ secret, payload }) { const encoder = new TextEncoder(); const key = await crypto.subtle.importKey("raw", encoder.encode(secret), { name: "HMAC", hash: "SHA-256" }, false, ["sign"]); return crypto.subtle.sign("HMAC", key, encoder.encode(payload)); } async function signBody({ serializedPayload, webhookId, timestamp, secret }) { const payload = createSignaturePayload({ serializedPayload, webhookId, timestamp }); const rawSignature = await hmacSign({ secret, payload }); const signatureBase64 = arrayBufferToBase64(rawSignature); const signature = `${WEBHOOK_SIGNATURE_HMAC_VERSION},${signatureBase64}`; return { signature }; } async function verifySignature({ serializedPayload, webhookId, timestamp, signature: base64Signature, secret }) { const [version, signature] = base64Signature.split(",", 2); if (!signature || !version) throw createInvalidSignatureFormatError(); if (version !== WEBHOOK_SIGNATURE_HMAC_VERSION) throw createUnsupportedSignatureVersionError(); const payload = createSignaturePayload({ serializedPayload, webhookId, timestamp }); const signatureBuffer = base64ToArrayBuffer(signature); const encoder = new TextEncoder(); const keyData = encoder.encode(secret); const key = await crypto.subtle.importKey("raw", keyData, { name: "HMAC", hash: "SHA-256" }, false, ["verify"]); return crypto.subtle.verify("HMAC", key, signatureBuffer, encoder.encode(payload)); } //#endregion //#region src/webhooks.models.ts function serializeBody({ now = /* @__PURE__ */ new Date(), payload, event }) { const body = { data: payload, type: event, timestamp: now.toISOString() }; return JSON.stringify(body); } function parseBody(body) { return JSON.parse(body); } //#endregion //#region src/handler/handler.services.ts function handleError({ error }) { if (error) throw error; throw createInvalidSignatureError(); } function createWebhooksHandler({ secret, onError = handleError }) { const eventEmitter = new EventEmitter(); return { on: eventEmitter.on, ee: eventEmitter, handle: async ({ body, signature, webhookId, timestamp }) => { try { const isValid = await verifySignature({ serializedPayload: body, signature, secret, webhookId, timestamp }); if (!isValid) throw createInvalidSignatureError(); const parsedBody = parseBody(body); const { type } = parsedBody; eventEmitter.emit(type, parsedBody); eventEmitter.emit("*", parsedBody); } catch (error) { await onError({ body, signature, webhookId, timestamp, error }); } } }; } //#endregion //#region src/webhooks.constants.ts const EVENT_NAMES = [ "document:created", "document:deleted", "document:updated", "document:tag:added", "document:tag:removed" ]; //#endregion //#region src/webhooks.services.ts async function webhookHttpClient({ url,...options }) { const response = await ofetch.raw(url, { ...options, ignoreResponseError: true }); return { responseStatus: response.status, responseData: response._data }; } async function triggerWebhook({ webhookUrl, webhookSecret, httpClient = webhookHttpClient, now = /* @__PURE__ */ new Date(), payload, event, webhookId = `msg_${createId()}` }) { const timestamp = Math.floor(now.getTime() / 1e3).toString(); const headers = { "user-agent": "papra-webhook-client", "content-type": "application/json", "webhook-id": webhookId, "webhook-timestamp": timestamp }; const body = serializeBody({ event, payload, now }); if (webhookSecret) { const { signature } = await signBody({ serializedPayload: body, webhookId, timestamp, secret: webhookSecret }); headers["webhook-signature"] = signature; } const { responseData, responseStatus } = await httpClient({ url: webhookUrl, method: "POST", body, headers }); return { responseData, responseStatus, requestPayload: body }; } //#endregion export { EVENT_NAMES, createWebhooksHandler, triggerWebhook }; //# sourceMappingURL=index.js.map