UNPKG

@turnkey/crypto

Version:

Encryption, decryption, and key related utility functions

59 lines 2.68 kB
export type TurnkeyWebhookVerificationKey = { keyId: string; publicKey: string; algorithm?: "ed25519"; }; export type TurnkeyWebhookHeaders = Headers | Record<string, string | string[] | undefined>; export type TurnkeyWebhookBody = string | Uint8Array | ArrayBuffer; export type VerifyTurnkeyWebhookSignatureParams = { headers: TurnkeyWebhookHeaders; body: TurnkeyWebhookBody; verificationKeys: TurnkeyWebhookVerificationKey[]; maxTimestampAgeMs: number; nowMs?: number; }; export declare const TurnkeyWebhookVerificationFailureReasons: { readonly InvalidMaxTimestampAge: "invalid_max_timestamp_age"; readonly InvalidNow: "invalid_now"; readonly MissingHeader: "missing_header"; readonly InvalidTimestamp: "invalid_timestamp"; readonly StaleTimestamp: "stale_timestamp"; readonly UnsupportedSignatureVersion: "unsupported_signature_version"; readonly UnsupportedSignatureAlgorithm: "unsupported_signature_algorithm"; readonly MissingKey: "missing_key"; readonly InvalidVerificationKeyAlgorithm: "invalid_verification_key_algorithm"; readonly InvalidVerificationKey: "invalid_verification_key"; readonly InvalidSignature: "invalid_signature"; }; export type TurnkeyWebhookVerificationFailureReason = (typeof TurnkeyWebhookVerificationFailureReasons)[keyof typeof TurnkeyWebhookVerificationFailureReasons]; export type TurnkeyWebhookVerificationSuccess = { ok: true; eventId: string; keyId: string; timestampMs: number; }; export type TurnkeyWebhookVerificationFailure = { ok: false; reason: TurnkeyWebhookVerificationFailureReason; headerName?: string; }; export type TurnkeyWebhookVerificationResult = TurnkeyWebhookVerificationSuccess | TurnkeyWebhookVerificationFailure; /** * Verifies a Turnkey webhook signature with caller-provided Ed25519 * verification keys. * * Pass the exact raw request body bytes Turnkey sent, the request headers, and * a bounded `maxTimestampAgeMs` replay window. The function returns a typed * failure result for invalid webhook input instead of throwing, so handlers can * reject expected verification failures without exception-driven control flow. */ export declare function verifyTurnkeyWebhookSignature({ headers, body, verificationKeys, maxTimestampAgeMs, nowMs, }: VerifyTurnkeyWebhookSignatureParams): TurnkeyWebhookVerificationResult; export declare function buildSignedInput({ version, algorithm, keyId, timestampMs, eventId, body, }: { version: string; algorithm: string; keyId: string; timestampMs: string; eventId: string; body: TurnkeyWebhookBody; }): Uint8Array; //# sourceMappingURL=webhooks.d.ts.map