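/*
 * Copyright (c) 2019 by Filestack.
 * Some rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the 'License');
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an 'AS IS' BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
import { getSecurity, validateWebhookSignature } from './security';

// Spec for the policy/signature helpers in ./security.
//
// The inline source map that accompanied the generated build of this spec is
// not carried over: it described the generated layout and would not match this
// edited file.
describe('api:security', () => {
  describe('getSecurity', () => {
    it('should create a proper object with policy & signature', () => {
      const policy = {
        expiry: 1523595600,
        call: ['pick', 'read', 'stat', 'write', 'writeUrl', 'store', 'convert', 'remove', 'exif', 'runWorkflow'],
        handle: 'TEST_HANDLE',
      };
      const appSecret = 'testAppSecret';

      const result = getSecurity(policy, appSecret);

      // `policy` is the base64 encoding of the policy object serialised as JSON
      // (it decodes to {"expiry":1523595600,"call":[...],"handle":"TEST_HANDLE"}).
      // `signature` is 64 hex characters, i.e. a 256-bit digest; presumably an
      // HMAC-SHA256 keyed with appSecret. Confirm against ./security.
      // The expiry is a fixed past date, so this case pins encoding and signing
      // only; it says nothing about expiry enforcement.
      const expected = {
        policy:
          'eyJleHBpcnkiOjE1MjM1OTU2MDAsImNhbGwiOlsicGljayIsInJlYWQiLCJzdGF0Iiwid3JpdGUiLCJ3cml0ZVVybCIsInN0b3JlIiwiY29udmVydCIsInJlbW92ZSIsImV4aWYiLCJydW5Xb3JrZmxvdyJdLCJoYW5kbGUiOiJURVNUX0hBTkRMRSJ9',
        signature: '7df0536104cdcc16370ad6494cdbda30c9773a62eec6e5153fa539544db6206e',
      };
      expect(result).toEqual(expected);
    });

    it('should throw error on invalid security params', () => {
      // NOTE(review): two fields are invalid at once (a non-numeric `expiry` and
      // the unknown call name 'pick1'), so this case does not show which of the
      // two checks rejects the policy. Separate cases per field would pin each
      // rule on its own.
      const policy = {
        expiry: 'test',
        call: ['pick1', 'read', 'stat', 'write', 'writeUrl', 'store', 'convert', 'remove', 'exif', 'runWorkflow'],
        handle: 'TEST_HANDLE',
      };
      const appSecret = 'testAppSecret';

      // @ts-ignore
      expect(() => getSecurity(policy, appSecret)).toThrowError('Invalid security params');
    });
  });

  describe('validateWebhookSignature', () => {
    // The raw body must stay byte-for-byte identical: the signature covers the
    // exact string, including its spacing.
    const testRawData =
      '{"id": 6844, "action": "fp.upload", "timestamp": 1559199901, "text": {"url": "http://cdn.filestackapi.dev/xK88QArxRiyVvFzo4p33", "client": "Computer", "data": {"filename": "01 (1).png", "type": "image/png", "size": 881855}}}';

    const correctSignature = {
      signature: '14495b54b246e1352bb69cd91c5c1bfe2221f2d0330414b3df8f5fb2903db730',
      timestamp: '1559199901',
    };

    // NOTE(review): confirm this value is a dedicated test fixture and was never
    // a live webhook secret; fixtures shipped in a published package should be
    // synthetic.
    const secret = 'Y5cWb1rdRDSTSqEjF5pv';

    it('should pass validation on proper signature', () => {
      // The fixture timestamp dates from 2019 and is still expected to validate,
      // so this function evidently applies no freshness window. Callers that
      // need replay protection have to bound the timestamp age themselves.
      expect(validateWebhookSignature(secret, testRawData, correctSignature)).toBeTruthy();
    });

    // The cases below assume rejection is reported by a falsy return value, as
    // the truthy assertion above suggests. If the implementation throws instead,
    // switch them to toThrow. Without any negative case, a validator that
    // accepts everything would pass this suite.
    it('should fail validation when the signature does not match', () => {
      // Constructed value: the fixture signature with its first hex digit changed.
      const wrongSignature = {
        ...correctSignature,
        signature: `0${correctSignature.signature.slice(1)}`,
      };
      expect(validateWebhookSignature(secret, testRawData, wrongSignature)).toBeFalsy();
    });

    it('should fail validation when the body was modified', () => {
      const modifiedBody = testRawData.replace('881855', '881856');
      expect(validateWebhookSignature(secret, modifiedBody, correctSignature)).toBeFalsy();
    });

    it('should fail validation with a different secret', () => {
      expect(validateWebhookSignature(`${secret}x`, testRawData, correctSignature)).toBeFalsy();
    });

    it('should fail validation when the timestamp was changed', () => {
      // Presumes the timestamp is part of the signed material. A failure here
      // would mean the timestamp is not bound to the signature.
      const shiftedTimestamp = { ...correctSignature, timestamp: '1559199902' };
      expect(validateWebhookSignature(secret, testRawData, shiftedTimestamp)).toBeFalsy();
    });
  });
});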