UNPKG

filestack-js

Version:

Official JavaScript library for Filestack

github.com/filestack/filestack-js

filestack/filestack-js

68 lines (60 loc) 2.27 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
/* * Copyright (c) 2018 by Filestack. * Some rights reserved. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ import { Security } from '../client'; import { WebhookValidatePayload, SecurityOptions } from './security'; import { FilestackError, FilestackErrorType } from './../../filestack_error'; import { getValidator, SecurityParamsSchema } from './../../schema'; import * as crypto from 'crypto'; /** * Returns Filestack base64 policy and HMAC-SHA256 signature * * ### Example * * ```js * import * as filestack from 'filestack-js'; * * const jsonPolicy = { 'expiry': 253381964415 }; * const security = filestack.getSecurity(jsonPolicy, '<YOUR_APP_SECRET>'); * ``` * * @param policyOptions * @param appSecret */ export const getSecurity = (policyOptions: SecurityOptions, appSecret: string): Security => { const validateRes = getValidator(SecurityParamsSchema)(policyOptions); if (validateRes.errors.length) { throw new FilestackError(`Invalid security params`, validateRes.errors, FilestackErrorType.VALIDATION); } const policy = Buffer.from(JSON.stringify(policyOptions)).toString('base64'); const signature = crypto.createHmac('sha256', appSecret) .update(policy) .digest('hex'); return { policy, signature }; }; /** * Check webhook signature * * @param secret - app secred * @param rawBody - unchanged raw webhook body * @param toCompare - data from wh response headers */ export const validateWebhookSignature = (secret: string, rawBody: string, toCompare: WebhookValidatePayload) => { const hash = crypto.createHmac('sha256', secret) .update(`${toCompare.timestamp}.${rawBody}`) .digest('hex'); return hash === toCompare.signature; };