From f5135c66b217cfb5d9c50725b5deb2e98cad8afa Mon Sep 17 00:00:00 2001
From: Nathaniel Wesley Filardo <nfilardo@microsoft.com>
Date: Mon, 5 Dec 2022 04:34:52 +0000
Subject: [PATCH] Expose array of secrets option at toplevel

Add typechecking and integration tests

FIXES https://github.com/octokit/webhooks.js/issues/770
---
 src/index.ts                      |  4 ++--
 src/types.ts                      |  2 +-
 test/integration/webhooks.test.ts | 16 ++++++++++++++++
 test/typescript-validate.ts       |  5 +++++
 4 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/src/index.ts b/src/index.ts
index 08868a63..5c3e85f8 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -43,12 +43,12 @@ class Webhooks<TTransformed = unknown> {
       | EmitterWebhookEventWithSignature
   ) => Promise<void>;
 
-  constructor(options: Options<TTransformed> & { secret: string }) {
+  constructor(options: Options<TTransformed> & { secret: string | string[] }) {
     if (!options || !options.secret) {
       throw new Error("[@octokit/webhooks] options.secret required");
     }
 
-    const state: State & { secret: string } = {
+    const state: State & { secret: string | string[] } = {
       eventHandler: createEventHandler(options),
       secret: options.secret,
       hooks: {},
diff --git a/src/types.ts b/src/types.ts
index a2eedbe4..b6640d3a 100644
--- a/src/types.ts
+++ b/src/types.ts
@@ -33,7 +33,7 @@ interface BaseWebhookEvent<TName extends WebhookEventName> {
 }
 
 export interface Options<TTransformed = unknown> {
-  secret?: string;
+  secret?: string | string[];
   transform?: TransformMethod<TTransformed>;
   log?: Partial<Logger>;
 }
diff --git a/test/integration/webhooks.test.ts b/test/integration/webhooks.test.ts
index 97337f12..2aa4728d 100644
--- a/test/integration/webhooks.test.ts
+++ b/test/integration/webhooks.test.ts
@@ -81,6 +81,22 @@ describe("Webhooks", () => {
     });
   });
 
+  test("webhooks.verifyAndReceive({ ...event, signature }) with one of several secrets", async () => {
+    const secret1 = "mysecret";
+    const secret2 = "mysecret2";
+    const webhooks = new Webhooks({ secret: [secret1, secret2] });
+
+    await webhooks.verifyAndReceive({
+      id: "1",
+      name: "push",
+      payload: pushEventPayloadString,
+      signature: await sign(
+        { secret: secret2, algorithm: "sha256" },
+        pushEventPayloadString
+      ),
+    });
+  });
+
   test("webhooks.verifyAndReceive(event) with incorrect signature", async () => {
     const webhooks = new Webhooks({ secret: "mysecret" });
 
diff --git a/test/typescript-validate.ts b/test/typescript-validate.ts
index 8268909f..8b6f9ba2 100644
--- a/test/typescript-validate.ts
+++ b/test/typescript-validate.ts
@@ -69,6 +69,11 @@ export default async function () {
     secret: "blah",
   });
 
+  // Check that secret can be an array, too
+  new Webhooks({
+    secret: ["blah", "bleh"],
+  });
+
   // Check all supported options
   const webhooks = new Webhooks({
     secret: "blah",