UNPKG

aws-delivlib

Version:

A fabulous library for defining continuous pipelines for building, testing and releasing code libraries.

github.com/cdklabs/aws-delivlib

cdklabs/aws-delivlib

87 lines (84 loc) 2.44 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
// pkg/dist-src/types.js var Algorithm = /* @__PURE__ */ ((Algorithm2) => { Algorithm2["SHA1"] = "sha1"; Algorithm2["SHA256"] = "sha256"; return Algorithm2; })(Algorithm || {}); // pkg/dist-src/utils.js var getAlgorithm = (signature) => { return signature.startsWith("sha256=") ? "sha256" : "sha1"; }; // pkg/dist-src/web.js var enc = new TextEncoder(); function hexToUInt8Array(string) { const pairs = string.match(/[\dA-F]{2}/gi); const integers = pairs.map(function(s) { return parseInt(s, 16); }); return new Uint8Array(integers); } function UInt8ArrayToHex(signature) { return Array.prototype.map.call(new Uint8Array(signature), (x) => x.toString(16).padStart(2, "0")).join(""); } function getHMACHashName(algorithm) { return { [Algorithm.SHA1]: "SHA-1", [Algorithm.SHA256]: "SHA-256" }[algorithm]; } async function importKey(secret, algorithm) { return crypto.subtle.importKey( "raw", // raw format of the key - should be Uint8Array enc.encode(secret), { // algorithm details name: "HMAC", hash: { name: getHMACHashName(algorithm) } }, false, // export = false ["sign", "verify"] // what this key can do ); } async function sign(options, payload) { const { secret, algorithm } = typeof options === "object" ? { secret: options.secret, algorithm: options.algorithm || Algorithm.SHA256 } : { secret: options, algorithm: Algorithm.SHA256 }; if (!secret || !payload) { throw new TypeError( "[@octokit/webhooks-methods] secret & payload required for sign()" ); } if (!Object.values(Algorithm).includes(algorithm)) { throw new TypeError( `[@octokit/webhooks] Algorithm ${algorithm} is not supported. Must be 'sha1' or 'sha256'` ); } const signature = await crypto.subtle.sign( "HMAC", await importKey(secret, algorithm), enc.encode(payload) ); return `${algorithm}=${UInt8ArrayToHex(signature)}`; } async function verify(secret, eventPayload, signature) { if (!secret || !eventPayload || !signature) { throw new TypeError( "[@octokit/webhooks-methods] secret, eventPayload & signature required" ); } const algorithm = getAlgorithm(signature); return await crypto.subtle.verify( "HMAC", await importKey(secret, algorithm), hexToUInt8Array(signature.replace(`${algorithm}=`, "")), enc.encode(eventPayload) ); } export { sign, verify };