From 3e8898617c777d9d7bca422787744b7ef226d01b Mon Sep 17 00:00:00 2001 From: Deepak Date: Wed, 3 May 2023 16:20:26 +0200 Subject: [PATCH 1/4] Fix extra tokens issue --- lib/token.js | 50 +++++++++++++++++++++++++------------------------- lib/webhook.js | 6 +++++- 2 files changed, 30 insertions(+), 26 deletions(-) diff --git a/lib/token.js b/lib/token.js index ab04faa..0942cbf 100644 --- a/lib/token.js +++ b/lib/token.js @@ -7,31 +7,31 @@ const util = require("./util") * @param {String} key app key * @param {String} secret app secret */ -function Token(key, secret) { - this.key = key - this.secret = secret -} - -/** Signs the string using the secret. - * - * @param {String} string - * @returns {String} - */ -Token.prototype.sign = function (string) { - return crypto - .createHmac("sha256", this.secret) - .update(Buffer.from(string)) - .digest("hex") -} - -/** Checks if the string has correct signature. - * - * @param {String} string - * @param {String} signature - * @returns {Boolean} - */ -Token.prototype.verify = function (string, signature) { - return util.secureCompare(this.sign(string), signature) +class Token { + constructor(key, secret) { + this.key = key + this.secret = secret + } + /** Signs the string using the secret. + * + * @param {String} string + * @returns {String} + */ + sign(string) { + return crypto + .createHmac("sha256", this.secret) + .update(Buffer.from(string)) + .digest("hex") + } + /** Checks if the string has correct signature. + * + * @param {String} string + * @param {String} signature + * @returns {Boolean} + */ + verify(string, signature) { + return util.secureCompare(this.sign(string), signature) + } } module.exports = Token diff --git a/lib/webhook.js b/lib/webhook.js index 0c29d0b..3a2a3c9 100644 --- a/lib/webhook.js +++ b/lib/webhook.js @@ -1,4 +1,5 @@ const errors = require("./errors") +const Token = require("./token") /** Provides validation and access methods for a WebHook. * @@ -46,7 +47,10 @@ WebHook.prototype.isValid = function (extraTokens) { const tokens = [this.token].concat(extraTokens) for (const i in tokens) { - const token = tokens[i] + let token = tokens[i] + if (token instanceof Token === false) { + token = new Token(token.key, token.secret) + } if (this.key == token.key && token.verify(this.body, this.signature)) { return true } From 5fcc17d90f1d89bef8a7c6f9eaec2402c8f0fafb Mon Sep 17 00:00:00 2001 From: Deepak Date: Wed, 3 May 2023 16:29:26 +0200 Subject: [PATCH 2/4] Fix extra tokens issue --- CHANGELOG.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d29105b..bedf10e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,8 @@ ## 5.1.2 -- [CHANGED] Add types/node-fetch to dependencies. +- [CHANGED] Add types/node-fetch to dependencies. + ## 5.1.1-beta (2022-06-01) [FIXED] Updated typescript types with new user features. @@ -90,7 +91,7 @@ const pusher = new Pusher.forURL(process.env.PUSHER_URL, { ## 2.2.1 (2019-07-03) -no-op release to fix the description on https://www.npmjs.com/package/pusher +no-op release to fix the description on ## 2.2.0 (2018-11-26) From c4494785a7aaff205a07c57166d83602f21d30f7 Mon Sep 17 00:00:00 2001 From: Deepak Date: Wed, 3 May 2023 16:51:58 +0200 Subject: [PATCH 3/4] Modify CHANGELOG --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index bedf10e..9c7d205 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 5.1.3 + +[FIXED] Parsing of the extraTokens in webhook's isValid method + ## 5.1.2 - [CHANGED] Add types/node-fetch to dependencies. From a2a0d427009b92a8f006455da415099cd29b4e4f Mon Sep 17 00:00:00 2001 From: Deepak Date: Wed, 3 May 2023 16:52:16 +0200 Subject: [PATCH 4/4] 5.1.3 --- package-lock.json | 4 ++-- package.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 3bdb217..25172b6 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "pusher", - "version": "5.1.1-beta", + "version": "5.1.3", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "pusher", - "version": "5.1.1-beta", + "version": "5.1.3", "license": "MIT", "dependencies": { "@types/node-fetch": "^2.5.7", diff --git a/package.json b/package.json index 7822724..c42f9ca 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "pusher", "description": "Node.js client to interact with the Pusher Channels REST API", - "version": "5.1.2", + "version": "5.1.3", "author": "Pusher ", "contributors": [ {