rename secretKey => privateKey

.env.example

@@ -1,12 +1,12 @@
 # Webhook
-SECRET_KEY="<Ed25519 Secret-key>"
+PRIVATE_KEY=<Ed25519 Private Key>
 WEBHOOK_URL=http://127.0.0.1:3000
 PORT=9102
 
 # Get Substreams API Key
 # https://app.pinax.network
 # https://app.streamingfast.io/
-SUBSTREAMS_API_KEY="<Substreams API Token @ https://pinax.network>"
+SUBSTREAMS_API_KEY=<Substreams API Token @ https://pinax.network>
 SUBSTREAMS_ENDPOINT=https://eth.substreams.pinax.network:443
 
 # Substreams Package (*.spkg)

.gitignore

@@ -14,3 +14,5 @@ docker-compose.yml
 substreams-sink-webhook
 bun.lockb
 .vscode
+examples/**/bun.lockb
+examples/**/package-lock.json

README.md

@@ -93,14 +93,14 @@ if (!isVerified) {
 
 ```env
 # Webhook
-SECRET_KEY="<Ed25519 Secret-key>"
+PRIVATE_KEY=<Ed25519 Private Key>
 WEBHOOK_URL=http://127.0.0.1:3000
 PORT=9102
 
 # Get Substreams API Key
 # https://app.pinax.network
 # https://app.streamingfast.io/
-SUBSTREAMS_API_KEY="<Substreams API Token @ https://pinax.network>"
+SUBSTREAMS_API_KEY=<Substreams API Token @ https://pinax.network>
 
 # Substreams Package (*.spkg)
 MANIFEST=https://github.com/pinax-network/substreams/releases/download/blocks-v0.1.0/blocks-v0.1.0.spkg
@@ -145,7 +145,7 @@ Options:
   --final-blocks-only <boolean>        Only process blocks that have pass finality, to prevent any reorg and undo signal by staying further away from the chain HEAD (default: "false", env: FINAL_BLOCKS_ONLY)
   --verbose <boolean>                  Enable verbose logging (default: "false", env: VERBOSE)
   --webhook-url <string>               Webhook URL to send POST (env: WEBHOOK_URL)
-  --secret-key <string>                TweetNaCl Secret-key to sign POST data payload (env: SECRET_KEY)
+  --private-key <string>               Ed25519 private key to sign POST data payload (env: PRIVATE_KEY)
   --disable-ping <boolean>             Disable ping on init (choices: "true", "false", default: false, env: DISABLE_PING)
   --disable-signature <boolean>        Disable Ed25519 signature (choices: "true", "false", default: false, env: DISABLE_SIGNATURE)
   --maximum-attempts <number>          Maximum attempts to retry POST (default: 100, env: MAXIMUM_ATTEMPTS)

bin/cli.ts

@@ -9,18 +9,21 @@ import { ping } from "../src/ping.js";
 
 export interface WebhookRunOptions extends commander.RunOptions {
   webhookUrl: string;
-  secretKey: string;
+  privateKey: string;
   expiryTime: number;
   maximumAttempts: number;
   disablePing: string;
   disableSignature: string;
 }
 
+const webhookUrlOption = new Option("--webhook-url <string>", "Webhook URL to send POST").makeOptionMandatory().env("WEBHOOK_URL");
+const privateKeyOption = new Option("--private-key <string>", "Ed25519 private key to sign POST data payload").makeOptionMandatory().env("PRIVATE_KEY");
+
 // Run Webhook Sink
 const program = commander.program(pkg);
 const command = commander.run(program, pkg);
-command.addOption(new Option("--webhook-url <string>", "Webhook URL to send POST").makeOptionMandatory().env("WEBHOOK_URL"));
-command.addOption(new Option("--secret-key <string>", "TweetNaCl Secret-key to sign POST data payload").makeOptionMandatory().env("SECRET_KEY"));
+command.addOption(webhookUrlOption);
+command.addOption(privateKeyOption);
 command.addOption(new Option("--disable-ping <boolean>", "Disable ping on init").choices(["true", "false"]).env("DISABLE_PING").default(false));
 command.addOption(new Option("--disable-signature <boolean>", "Disable Ed25519 signature").choices(["true", "false"]).env("DISABLE_SIGNATURE").default(false));
 command.addOption(new Option("--maximum-attempts <number>", "Maximum attempts to retry POST").env("MAXIMUM_ATTEMPTS").default(100));
@@ -30,19 +33,19 @@ program
   .command("keypair")
   .description("Generate TweetNaCl keypair")
   .action(() => {
-    const { publicKey, secretKey } = keyPair();
+    const { publicKey, privateKey } = keyPair();
     console.log(`PUBLIC_KEY=${publicKey}`);
-    console.log(`SECRET_KEY=${secretKey}`);
+    console.log(`PRIVATE_KEY=${privateKey}`);
   });
 
 program
   .command("ping")
   .description("Ping Webhook URL")
-  .addOption(new Option("--webhook-url <string>", "Webhook URL to send POST").makeOptionMandatory().env("WEBHOOK_URL"))
-  .addOption(new Option("--secret-key <string>", "TweetNaCl Secret-key to sign POST data payload").makeOptionMandatory().env("SECRET_KEY"))
+  .addOption(webhookUrlOption)
+  .addOption(privateKeyOption)
   .action(async (options: WebhookRunOptions) => {
     logger.settings.type = "hidden";
-    const response = await ping(options.webhookUrl, options.secretKey);
+    const response = await ping(options.webhookUrl, options.privateKey);
     if (response) console.log("✅ OK");
     else console.log("⁉️ ERROR");
   });

biome.json

@@ -39,6 +39,6 @@
     }
   },
   "organizeImports": {
-    "enabled": true
+    "enabled": false
   }
 }

examples/bun/http.ts

@@ -1,5 +1,5 @@
 import "dotenv/config";
-import nacl from "tweetnacl";
+import { ed25519 } from "@noble/curves/ed25519.js";
 
 const PORT = process.env.PORT ?? 3000;
 const PUBLIC_KEY = process.env.PUBLIC_KEY ?? "a3cb7366ee8ca77225b4d41772e270e4e831d171d1de71d91707c42e7ba82cc9";
@@ -12,18 +12,18 @@ export default {
   async fetch(request) {
     // get headers and body from POST request
     const signature = request.headers.get("x-signature-ed25519");
-    const timestamp = Number(request.headers.get("x-signature-timestamp"));
+    const timestamp = request.headers.get("x-signature-timestamp");
     const body = await request.text();
 
     if (!signature) return new Response("missing required signature in headers", { status: 400 });
     if (!timestamp) return new Response("missing required timestamp in headers", { status: 400 });
     if (!body) return new Response("missing body", { status: 400 });
 
     // validate signature using public key
-    const isVerified = nacl.sign.detached.verify(
+    const isVerified = ed25519.verify(
+      signature,
       Buffer.from(timestamp + body),
-      Buffer.from(signature, "hex"),
-      Buffer.from(PUBLIC_KEY, "hex"),
+      PUBLIC_KEY,
     );
     console.log({ isVerified, timestamp, signature });
     console.log(body);

examples/bun/package.json

@@ -3,7 +3,7 @@
     "start": "bun http.ts"
   },
   "dependencies": {
-    "tweetnacl": "latest",
+    "@noble/curves": "latest",
     "dotenv": "latest"
   }
 }

examples/express/http.ts

@@ -11,7 +11,7 @@ app.use(express.text({ type: "application/json" }));
 app.use(async (request, res) => {
   // get headers and body from POST request
   const signature = String(request.headers["x-signature-ed25519"]);
-  const timestamp = Number(request.headers["x-signature-timestamp"]);
+  const timestamp = String(request.headers["x-signature-timestamp"]);
   const body = await request.body;
 
   if (!signature) return new Response("missing required signature in headers", { status: 400 });