Skip to content

Commit

Permalink
fix(webhooks): replace c compiled ed25519 package with native one (#8)
Browse files Browse the repository at this point in the history 
* replace c compiled ed25519 package with native one
tweetnacl translates the original TweetNaCl implementation to JS
including ed25519 implementation

* update shrinkwrap

* add node v12 to travis
  • Loading branch information
@lucasassisrosa
lucasassisrosa committed Sep 5, 2019
1 parent e9501a9 commit 9e6364f
Show file tree
Hide file tree
Showing 5 changed files with 26 additions and 40 deletions.
1 change: 1 addition & 0 deletions .travis.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ node_js:
- "8"
- "9"
- "10"
- "12"
sudo: false

cache:
Expand Down
8 changes: 3 additions & 5 deletions lib/Webhooks.js
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
'use strict';

var Buffer = require('safe-buffer').Buffer;
var ed25519 = require('ed25519');
var nacl = require('tweetnacl');

var Error = require('./Error');

Expand All @@ -23,13 +23,11 @@ var signature = {

var payloadBuffer = Buffer.from(`${timestampHeader}|${payload}`, 'utf8');

// eslint-disable-next-line new-cap
var keyPair = ed25519.MakeKeypair(Buffer.from(publicKey, 'base64'));
var keyPair = nacl.sign.keyPair.fromSeed(Buffer.from(publicKey, 'base64'));
var verification;

try {
// eslint-disable-next-line new-cap
verification = ed25519.Verify(payloadBuffer, signatureHeader, keyPair.publicKey);
verification = nacl.sign.detached.verify(payloadBuffer, signatureHeader, keyPair.publicKey);
} catch (err) {
throwSignatureVerificationError(payload, signatureHeader, timestampHeader);
}
Expand Down
50 changes: 19 additions & 31 deletions npm-shrinkwrap.json
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,10 +37,10 @@
"nyc": "^14.1.1"
},
"dependencies": {
"ed25519": "0.0.4",
"lodash.isplainobject": "^4.0.6",
"qs": "^6.6.0",
"safe-buffer": "^5.1.1",
"tweetnacl": "^1.0.1",
"uuid": "^3.3.2"
},
"license": "MIT",
Expand Down
5 changes: 2 additions & 3 deletions test/Webhook.spec.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ var telnyx = require('../testUtils').getSpyableTelnyx();
var expect = require('chai').expect;
var Buffer = require('safe-buffer').Buffer;
var crypto = require('crypto');
var ed25519 = require('ed25519');
var nacl = require('tweetnacl');

var EVENT_PAYLOAD = {
data: {
Expand Down Expand Up @@ -144,6 +144,5 @@ function generateSignature(opts) {

var payload = Buffer.from(`${opts.timestamp}|${opts.payload}`, 'utf8');

// eslint-disable-next-line new-cap
return ed25519.Sign(payload, ed25519.MakeKeypair(Buffer.from(PUBLIC_KEY, 'base64')));
return nacl.sign.detached(payload, nacl.sign.keyPair.fromSeed(Buffer.from(PUBLIC_KEY, 'base64')).secretKey);
}

0 comments on commit 9e6364f

Please sign in to comment.