@turnkey/crypto
Version:
Encryption, decryption, and key related utility functions
59 lines • 2.68 kB
TypeScript
export type TurnkeyWebhookVerificationKey = {
keyId: string;
publicKey: string;
algorithm?: "ed25519";
};
export type TurnkeyWebhookHeaders = Headers | Record<string, string | string[] | undefined>;
export type TurnkeyWebhookBody = string | Uint8Array | ArrayBuffer;
export type VerifyTurnkeyWebhookSignatureParams = {
headers: TurnkeyWebhookHeaders;
body: TurnkeyWebhookBody;
verificationKeys: TurnkeyWebhookVerificationKey[];
maxTimestampAgeMs: number;
nowMs?: number;
};
export declare const TurnkeyWebhookVerificationFailureReasons: {
readonly InvalidMaxTimestampAge: "invalid_max_timestamp_age";
readonly InvalidNow: "invalid_now";
readonly MissingHeader: "missing_header";
readonly InvalidTimestamp: "invalid_timestamp";
readonly StaleTimestamp: "stale_timestamp";
readonly UnsupportedSignatureVersion: "unsupported_signature_version";
readonly UnsupportedSignatureAlgorithm: "unsupported_signature_algorithm";
readonly MissingKey: "missing_key";
readonly InvalidVerificationKeyAlgorithm: "invalid_verification_key_algorithm";
readonly InvalidVerificationKey: "invalid_verification_key";
readonly InvalidSignature: "invalid_signature";
};
export type TurnkeyWebhookVerificationFailureReason = (typeof TurnkeyWebhookVerificationFailureReasons)[keyof typeof TurnkeyWebhookVerificationFailureReasons];
export type TurnkeyWebhookVerificationSuccess = {
ok: true;
eventId: string;
keyId: string;
timestampMs: number;
};
export type TurnkeyWebhookVerificationFailure = {
ok: false;
reason: TurnkeyWebhookVerificationFailureReason;
headerName?: string;
};
export type TurnkeyWebhookVerificationResult = TurnkeyWebhookVerificationSuccess | TurnkeyWebhookVerificationFailure;
/**
* Verifies a Turnkey webhook signature with caller-provided Ed25519
* verification keys.
*
* Pass the exact raw request body bytes Turnkey sent, the request headers, and
* a bounded `maxTimestampAgeMs` replay window. The function returns a typed
* failure result for invalid webhook input instead of throwing, so handlers can
* reject expected verification failures without exception-driven control flow.
*/
export declare function verifyTurnkeyWebhookSignature({ headers, body, verificationKeys, maxTimestampAgeMs, nowMs, }: VerifyTurnkeyWebhookSignatureParams): TurnkeyWebhookVerificationResult;
export declare function buildSignedInput({ version, algorithm, keyId, timestampMs, eventId, body, }: {
version: string;
algorithm: string;
keyId: string;
timestampMs: string;
eventId: string;
body: TurnkeyWebhookBody;
}): Uint8Array;
//# sourceMappingURL=webhooks.d.ts.map