diff --git a/CHANGELOG.md b/CHANGELOG.md index d29105b..9c7d205 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,8 +1,13 @@ # Changelog +## 5.1.3 + +[FIXED] Parsing of the extraTokens in webhook's isValid method + ## 5.1.2 -- [CHANGED] Add types/node-fetch to dependencies. +- [CHANGED] Add types/node-fetch to dependencies. + ## 5.1.1-beta (2022-06-01) [FIXED] Updated typescript types with new user features. @@ -90,7 +95,7 @@ const pusher = new Pusher.forURL(process.env.PUSHER_URL, { ## 2.2.1 (2019-07-03) -no-op release to fix the description on https://www.npmjs.com/package/pusher +no-op release to fix the description on ## 2.2.0 (2018-11-26) diff --git a/lib/token.js b/lib/token.js index ab04faa..0942cbf 100644 --- a/lib/token.js +++ b/lib/token.js @@ -7,31 +7,31 @@ const util = require("./util") * @param {String} key app key * @param {String} secret app secret */ -function Token(key, secret) { - this.key = key - this.secret = secret -} - -/** Signs the string using the secret. - * - * @param {String} string - * @returns {String} - */ -Token.prototype.sign = function (string) { - return crypto - .createHmac("sha256", this.secret) - .update(Buffer.from(string)) - .digest("hex") -} - -/** Checks if the string has correct signature. - * - * @param {String} string - * @param {String} signature - * @returns {Boolean} - */ -Token.prototype.verify = function (string, signature) { - return util.secureCompare(this.sign(string), signature) +class Token { + constructor(key, secret) { + this.key = key + this.secret = secret + } + /** Signs the string using the secret. + * + * @param {String} string + * @returns {String} + */ + sign(string) { + return crypto + .createHmac("sha256", this.secret) + .update(Buffer.from(string)) + .digest("hex") + } + /** Checks if the string has correct signature. + * + * @param {String} string + * @param {String} signature + * @returns {Boolean} + */ + verify(string, signature) { + return util.secureCompare(this.sign(string), signature) + } } module.exports = Token diff --git a/lib/webhook.js b/lib/webhook.js index 0c29d0b..3a2a3c9 100644 --- a/lib/webhook.js +++ b/lib/webhook.js @@ -1,4 +1,5 @@ const errors = require("./errors") +const Token = require("./token") /** Provides validation and access methods for a WebHook. * @@ -46,7 +47,10 @@ WebHook.prototype.isValid = function (extraTokens) { const tokens = [this.token].concat(extraTokens) for (const i in tokens) { - const token = tokens[i] + let token = tokens[i] + if (token instanceof Token === false) { + token = new Token(token.key, token.secret) + } if (this.key == token.key && token.verify(this.body, this.signature)) { return true } diff --git a/package-lock.json b/package-lock.json index 3bdb217..25172b6 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "pusher", - "version": "5.1.1-beta", + "version": "5.1.3", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "pusher", - "version": "5.1.1-beta", + "version": "5.1.3", "license": "MIT", "dependencies": { "@types/node-fetch": "^2.5.7", diff --git a/package.json b/package.json index 7822724..c42f9ca 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "pusher", "description": "Node.js client to interact with the Pusher Channels REST API", - "version": "5.1.2", + "version": "5.1.3", "author": "Pusher ", "contributors": [ {