pusher · deeborania · May 3, 2023 · May 3, 2023 · May 3, 2023 · May 3, 2023
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,8 +1,13 @@
 # Changelog
 
+## 5.1.3
+
+[FIXED] Parsing of the extraTokens in webhook's isValid method
+
 ## 5.1.2
 
-- [CHANGED] Add types/node-fetch to dependencies.
+- [CHANGED] Add types/node-fetch to dependencies.
+
 ## 5.1.1-beta (2022-06-01)
 
 [FIXED] Updated typescript types with new user features.
@@ -90,7 +95,7 @@ const pusher = new Pusher.forURL(process.env.PUSHER_URL, {
 
 ## 2.2.1 (2019-07-03)
 
-no-op release to fix the description on https://www.npmjs.com/package/pusher
+no-op release to fix the description on <https://www.npmjs.com/package/pusher>
 
 ## 2.2.0 (2018-11-26)
 

diff --git a/lib/token.js b/lib/token.js
@@ -7,31 +7,31 @@ const util = require("./util")
  * @param {String} key app key
  * @param {String} secret app secret
  */
-function Token(key, secret) {
-  this.key = key
-  this.secret = secret
-}
-
-/** Signs the string using the secret.
- *
- * @param {String} string
- * @returns {String}
- */
-Token.prototype.sign = function (string) {
-  return crypto
-    .createHmac("sha256", this.secret)
-    .update(Buffer.from(string))
-    .digest("hex")
-}
-
-/** Checks if the string has correct signature.
- *
- * @param {String} string
- * @param {String} signature
- * @returns {Boolean}
- */
-Token.prototype.verify = function (string, signature) {
-  return util.secureCompare(this.sign(string), signature)
+class Token {
+  constructor(key, secret) {
+    this.key = key
+    this.secret = secret
+  }
+  /** Signs the string using the secret.
+   *
+   * @param {String} string
+   * @returns {String}
+   */
+  sign(string) {
+    return crypto
+      .createHmac("sha256", this.secret)
+      .update(Buffer.from(string))
+      .digest("hex")
+  }
+  /** Checks if the string has correct signature.
+   *
+   * @param {String} string
+   * @param {String} signature
+   * @returns {Boolean}
+   */
+  verify(string, signature) {
+    return util.secureCompare(this.sign(string), signature)
+  }
 }
 
 module.exports = Token
diff --git a/lib/webhook.js b/lib/webhook.js
@@ -1,4 +1,5 @@
 const errors = require("./errors")
+const Token = require("./token")
 
 /** Provides validation and access methods for a WebHook.
  *
@@ -46,7 +47,10 @@ WebHook.prototype.isValid = function (extraTokens) {
 
   const tokens = [this.token].concat(extraTokens)
   for (const i in tokens) {
-    const token = tokens[i]
+    let token = tokens[i]
+    if (token instanceof Token === false) {
+      token = new Token(token.key, token.secret)
+    }
     if (this.key == token.key && token.verify(this.body, this.signature)) {
       return true
     }

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "pusher",
   "description": "Node.js client to interact with the Pusher Channels REST API",
-  "version": "5.1.2",
+  "version": "5.1.3",
   "author": "Pusher <support@pusher.com>",
   "contributors": [
     {