
filestack-js


Official JavaScript library for Filestack

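/*
 * Copyright (c) 2018 by Filestack.
 * Some rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
import { FilestackError, FilestackErrorType } from './../../filestack_error';
import { getValidator, SecurityParamsSchema } from './../../schema';
import * as crypto from 'crypto';

/**
 * Compares two strings without stopping at the first differing byte, so the
 * time taken does not reveal how much of a guessed signature was correct.
 *
 * Non-string inputs and inputs of different byte length compare as unequal.
 * The length check returns early, which is acceptable here because the length
 * of a hex-encoded HMAC-SHA256 digest is not secret.
 *
 * @param expected - value computed locally
 * @param actual - value supplied by the remote party
 * @returns true only when both are strings with identical bytes
 */
function constantTimeEquals(expected, actual) {
  if (typeof expected !== 'string' || typeof actual !== 'string') {
    return false;
  }

  const expectedBytes = Buffer.from(expected, 'utf8');
  const actualBytes = Buffer.from(actual, 'utf8');

  // timingSafeEqual throws on unequal lengths, so reject those first.
  if (expectedBytes.length !== actualBytes.length) {
    return false;
  }

  // Some `crypto` shims used by bundlers may not provide timingSafeEqual;
  // fall back to an XOR accumulator that always walks the full length.
  if (typeof crypto.timingSafeEqual === 'function') {
    return crypto.timingSafeEqual(expectedBytes, actualBytes);
  }

  let diff = 0;
  for (let i = 0; i < expectedBytes.length; i += 1) {
    diff |= expectedBytes[i] ^ actualBytes[i];
  }
  return diff === 0;
}

/**
 * Returns Filestack base64 policy and HMAC-SHA256 signature
 *
 * The policy object is validated against SecurityParamsSchema, serialised to
 * JSON and base64-encoded; the signature is the hex HMAC-SHA256 of that
 * base64 string keyed with the app secret.
 *
 * Because the signature is derived from the app secret, call this only where
 * the secret can stay private (for example on a server), and hand just the
 * resulting policy/signature pair to clients.
 *
 * ### Example
 *
 * ```js
 * import * as filestack from 'filestack-js';
 *
 * const jsonPolicy = { 'expiry': 253381964415 };
 * const security = filestack.getSecurity(jsonPolicy, '<YOUR_APP_SECRET>');
 * ```
 *
 * The expiry in the example lies far in the future; a shorter expiry limits
 * how long a leaked policy/signature pair remains usable.
 *
 * @param policyOptions - policy object to sign
 * @param appSecret - application secret used as the HMAC key
 * @returns object with the base64 `policy` and hex `signature`
 * @throws FilestackError (VALIDATION) when policyOptions fails schema validation
 */
export const getSecurity = function (policyOptions, appSecret) {
  const validateRes = getValidator(SecurityParamsSchema)(policyOptions);
  if (validateRes.errors.length) {
    throw new FilestackError('Invalid security params', validateRes.errors, FilestackErrorType.VALIDATION);
  }

  const policy = Buffer.from(JSON.stringify(policyOptions)).toString('base64');
  const signature = crypto.createHmac('sha256', appSecret)
    .update(policy)
    .digest('hex');

  return { policy, signature };
};

/**
 * Check webhook signature
 *
 * Recomputes the hex HMAC-SHA256 of `<timestamp>.<rawBody>` with the app
 * secret and compares it to the signature received with the webhook. The
 * comparison is constant-time so response timing cannot be used to recover a
 * valid signature piece by piece.
 *
 * This function only verifies the signature. It does not check how old the
 * timestamp is, so callers that need replay protection should also reject
 * timestamps outside an acceptable window.
 *
 * @param secret - app secret
 * @param rawBody - unchanged raw webhook body
 * @param toCompare - data from wh response headers (`timestamp` and `signature`)
 * @returns true when the received signature matches the computed one
 */
export const validateWebhookSignature = function (secret, rawBody, toCompare) {
  const hash = crypto.createHmac('sha256', secret)
    .update(`${toCompare.timestamp}.${rawBody}`)
    .digest('hex');

  return constantTimeEquals(hash, toCompare.signature);
};
//# 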
sourceMappingURL=data:application/json;charset=utf8;base64,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