filestack-js
Official JavaScript library for Filestack
/*
* Copyright (c) 2018 by Filestack.
* Some rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
// CommonJS interop preamble (this looks like TypeScript compiler output):
// flag the module as a transpiled ES module so importers treat it accordingly.
Object.defineProperty(exports, "__esModule", { value: true });
// Pre-declare both public names as undefined; the real functions are assigned
// to `exports` after each definition further down in this file.
exports.validateWebhookSignature = exports.getSecurity = void 0;
var tslib_1 = require("tslib");
var filestack_error_1 = require("./../../filestack_error");
var schema_1 = require("./../../schema");
var crypto = tslib_1.__importStar(require("crypto"));
/**
 * Builds the Filestack security pair: a base64-encoded policy and the
 * HMAC-SHA256 signature (hex) computed over that base64 string.
 *
 * The policy object is first checked against `SecurityParamsSchema`; any
 * validation error aborts before anything is signed.
 *
 * Security notes:
 * - `appSecret` is the HMAC key, so whoever holds it can sign any policy.
 *   Call this where the secret is not exposed to end users.
 * - The signature covers the base64 text, not the JSON. Consumers must
 *   verify against the exact `policy` string returned here.
 * - The `expiry` in the example below is a very distant value; it is
 *   presumably a Unix timestamp in seconds (confirm against the schema).
 *   A shorter lifetime limits how long a leaked policy/signature pair is useful.
 *
 * ### Example
 *
 * ```js
 * import * as filestack from 'filestack-js';
 *
 * const jsonPolicy = { 'expiry': 253381964415 };
 * const security = filestack.getSecurity(jsonPolicy, '<YOUR_APP_SECRET>');
 * ```
 *
 * @param policyOptions - policy object to serialize and sign
 * @param appSecret - application secret used as the HMAC key
 * @returns object with `policy` (base64) and `signature` (hex)
 * @throws FilestackError of type VALIDATION when the policy fails the schema
 */
var getSecurity = function (policyOptions, appSecret) {
    // Reject malformed policies up front so nothing invalid ever gets signed.
    var checkPolicy = (0, schema_1.getValidator)(schema_1.SecurityParamsSchema);
    var outcome = checkPolicy(policyOptions);
    if (outcome.errors.length) {
        throw new filestack_error_1.FilestackError("Invalid security params", outcome.errors, filestack_error_1.FilestackErrorType.VALIDATION);
    }
    // Serialize once; the base64 text is both returned and fed to the MAC.
    var serialized = JSON.stringify(policyOptions);
    var encodedPolicy = Buffer.from(serialized).toString('base64');
    var mac = crypto.createHmac('sha256', appSecret);
    mac.update(encodedPolicy);
    return { policy: encodedPolicy, signature: mac.digest('hex') };
};
exports.getSecurity = getSecurity;
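/**
 * Checks a webhook signature.
 *
 * Recomputes HMAC-SHA256 over `<timestamp>.<rawBody>` with the app secret and
 * compares the hex digest with the signature supplied by the sender.
 *
 * Security notes:
 * - The comparison uses `crypto.timingSafeEqual`, so the time taken does not
 *   depend on how many leading characters of a guessed signature are correct.
 * - `rawBody` must be the body exactly as received. A parsed and re-serialized
 *   JSON body will generally not reproduce the same digest.
 * - The timestamp is only bound into the MAC; its age is not checked here.
 *   Callers that need replay protection must reject stale timestamps themselves.
 *
 * @param secret - app secret
 * @param rawBody - unchanged raw webhook body
 * @param toCompare - data from the webhook request headers (`timestamp`, `signature`)
 * @returns true only when the supplied signature matches the computed one;
 *          false for a missing `toCompare` or a missing or non-string signature
 */
var validateWebhookSignature = function (secret, rawBody, toCompare) {
    // Fail closed on absent or malformed header data instead of throwing.
    if (!toCompare || typeof toCompare.signature !== 'string') {
        return false;
    }
    var expectedHex = crypto.createHmac('sha256', secret)
        .update("".concat(toCompare.timestamp, ".").concat(rawBody))
        .digest('hex');
    // Compare the hex text byte-for-byte (case-sensitive, as before).
    var expected = Buffer.from(expectedHex, 'utf8');
    var provided = Buffer.from(toCompare.signature, 'utf8');
    // timingSafeEqual throws on unequal lengths; the digest length is public,
    // so short-circuiting on it reveals nothing about the secret.
    if (expected.length !== provided.length) {
        return false;
    }
    return crypto.timingSafeEqual(expected, provided);
};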
// Publish the webhook signature check on the CommonJS exports object.
exports.validateWebhookSignature = validateWebhookSignature;
//# sourceMappingURL=data:application/json;charset=utf8;base64,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
;