From 4870c6584604d5463ffb9de2de1922de75c31927 Mon Sep 17 00:00:00 2001 From: Gregor Date: Sat, 23 Dec 2017 17:47:35 -0800 Subject: [PATCH] feat: api.verifyAndReceive({id, name, payload, signature}) --- index.js | 6 +++--- middleware/verify-and-receive.js | 22 ++++++++++++++++++++++ 2 files changed, 25 insertions(+), 3 deletions(-) create mode 100644 middleware/verify-and-receive.js diff --git a/index.js b/index.js index 86623fe2..d4ad2a8f 100644 --- a/index.js +++ b/index.js @@ -4,6 +4,7 @@ const createEventHandler = require('./event-handler') const middleware = require('./middleware/middleware') const sign = require('./sign') const verify = require('./verify') +const verifyAndReceive = require('./middleware/verify-and-receive') function createWebhooksApi (options) { if (!options || !options.secret) { @@ -16,14 +17,13 @@ function createWebhooksApi (options) { secret: options.secret } - const webhooksMiddleware = middleware.bind(null, state) - return { sign: sign.bind(null, options.secret), verify: verify.bind(null, options.secret), on: state.eventHandler.on, removeListener: state.eventHandler.removeListener, receive: state.eventHandler.receive, - middleware: webhooksMiddleware + middleware: middleware.bind(null, state), + verifyAndReceive: verifyAndReceive.bind(null, state) } } diff --git a/middleware/verify-and-receive.js b/middleware/verify-and-receive.js new file mode 100644 index 00000000..f760bb8d --- /dev/null +++ b/middleware/verify-and-receive.js @@ -0,0 +1,22 @@ +module.exports = verifyAndReceive + +const verify = require('../verify') + +function verifyAndReceive (state, event) { + const matchesSignature = verify(state.secret, event.payload, event.signature) + + if (!matchesSignature) { + const error = new Error('signature does not match event payload and secret') + + error.event = event + error.status = 400 + + return state.eventHandler.receive(error) + } + + return state.eventHandler.receive({ + id: event.id, + name: event.name, + payload: event.payload + }) +}