fix signature verification for Tweetnacl flow

.eslintignore

@@ -1 +1,2 @@
 *.node*.js
+node_modules

examples/webhook-signing/express.js

@@ -50,8 +50,8 @@ router.post('/webhooks', addRawBody, function(request, response) {
     // Try adding the Event as `request.event`
     event = telnyx.webhooks.constructEvent(
       request.rawBody,
-      request.headers['telnyx-signature'],
-      request.headers['telnyx-timestamp'],
+      request.header('telnyx-signature-ed25519'),
+      request.header('telnyx-timestamp'),
       publicKey
     );
   } catch (e) {
@@ -61,10 +61,10 @@ router.post('/webhooks', addRawBody, function(request, response) {
     return response.status(400).send('Webhook Error:' + e.message);
   }
 
-  console.log('Success', event.id);
+  console.log('Success', event.data.id);
 
   // Event was 'constructed', so we can respond with a 200 OK
-  response.status(200).send('Signed Webhook Received: ' + event.id);
+  response.status(200).send('Signed Webhook Received: ' + event.data.id);
 });
 
 // You could either create this app, or just return the `Router` for use in an

examples/webhook-signing/package.json

@@ -3,13 +3,13 @@
   "version": "1.0.0",
   "description": "",
   "main": "index.js",
-  "scripts": {  },
+  "scripts": {},
   "author": "",
   "license": "ISC",
   "dependencies": {
     "body-parser": "^1.17.1",
     "express": "^4.15.2",
     "morgan": "^1.8.1",
-    "telnyx": "^1.0.0"
+    "telnyx": "^1.2.1"
   }
 }

lib/Webhooks.js

@@ -23,11 +23,14 @@ var signature = {
 
     var payloadBuffer = Buffer.from(`${timestampHeader}|${payload}`, 'utf8');
 
-    var keyPair = nacl.sign.keyPair.fromSeed(Buffer.from(publicKey, 'base64'));
     var verification;
 
     try {
-      verification = nacl.sign.detached.verify(payloadBuffer, signatureHeader, keyPair.publicKey);
+      verification = nacl.sign.detached.verify(
+        payloadBuffer,
+        Buffer.from(signatureHeader, 'base64'),
+        Buffer.from(publicKey, 'base64')
+      );
     } catch (err) {
       throwSignatureVerificationError(payload, signatureHeader, timestampHeader);
     }

test/Webhook.spec.js

@@ -29,7 +29,8 @@ var EVENT_PAYLOAD = {
 };
 var EVENT_PAYLOAD_STRING = JSON.stringify(EVENT_PAYLOAD, null, 2);
 
-var PUBLIC_KEY = crypto.randomBytes(32);
+var KEY_PAIR = nacl.sign.keyPair.fromSeed(crypto.randomBytes(32));
+var PUBLIC_KEY = KEY_PAIR.publicKey;
 
 describe('Webhooks', function() {
   describe('.constructEvent', function() {
@@ -144,5 +145,5 @@ function generateSignature(opts) {
 
   var payload = Buffer.from(`${opts.timestamp}|${opts.payload}`, 'utf8');
 
-  return nacl.sign.detached(payload, nacl.sign.keyPair.fromSeed(Buffer.from(PUBLIC_KEY, 'base64')).secretKey);
+  return nacl.sign.detached(payload, KEY_PAIR.secretKey);
 }