diff --git a/.env.example b/.env.example index 2a5fbe6..73732da 100644 --- a/.env.example +++ b/.env.example @@ -1,15 +1,22 @@ # Webhook -SECRET_KEY="" -PUBLIC_KEY="" +PRIVATE_KEY= WEBHOOK_URL=http://127.0.0.1:3000 +PORT=9102 # Get Substreams API Key # https://app.pinax.network # https://app.streamingfast.io/ -SUBSTREAMS_API_KEY="" +SUBSTREAMS_API_KEY= SUBSTREAMS_ENDPOINT=https://eth.substreams.pinax.network:443 -# Substreams package +# Substreams Package (*.spkg) MANIFEST=https://github.com/pinax-network/substreams/releases/download/blocks-v0.1.0/blocks-v0.1.0.spkg MODULE_NAME=map_blocks START_BLOCK=-10 +PRODUCTION_MODE=true + +# Webhook (Optional) +DISABLE_PING=false +DISABLE_SIGNATURE=false +VERBOSE=true +MAXIMUM_ATTEMPTS=100 diff --git a/.github/workflows/bun-build.yml b/.github/workflows/bun-build.yml deleted file mode 100644 index 7395fdf..0000000 --- a/.github/workflows/bun-build.yml +++ /dev/null @@ -1,23 +0,0 @@ -name: Generate standalone Bun executable -on: - release: - types: [published] - -permissions: - contents: write - -jobs: - build-and-push-release: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - uses: oven-sh/setup-bun@v1 - with: - bun-version: latest - - run: bun install - - run: bun run test - - run: bun run build - - uses: softprops/action-gh-release@v1 - with: - files: | - substreams-sink-webhook \ No newline at end of file diff --git a/.gitignore b/.gitignore index 0874804..a215835 100644 --- a/.gitignore +++ b/.gitignore @@ -14,3 +14,5 @@ docker-compose.yml substreams-sink-webhook bun.lockb .vscode +examples/**/bun.lockb +examples/**/package-lock.json \ No newline at end of file diff --git a/README.md b/README.md index 6651b95..26a9fb2 100644 --- a/README.md +++ b/README.md @@ -5,10 +5,9 @@ ## HTTP Server examples - [`Bun`](/examples/bun) - https://bun.sh/ -- [`Deno`](/examples/deno) - https://deno.com/runtime - [`Express`](/examples/express) - https://expressjs.com/ -- [`node:http`](/examples/node:http) - https://nodejs.org/api/http.html -- [POST request](/examples/post.http) +- [`node:http`](/examples/node) - https://nodejs.org/api/http.html +- [POST request](/examples/http) ## 📖 References @@ -30,8 +29,8 @@ The POST message will be a JSON object with the following structure: ```http POST http://localhost:3000 HTTP/1.1 content-type: application/json -x-signature-ed25519: 6ec208fc250059fdb0fa543e01339ee3c6967da6fc7b6bf86dcd8217fa2e130ce2e17a5258fcf9bbe415de223d00eaee2f6949ef3a44594b42e7fb1a53481802 -x-signature-timestamp: 1696733583 +x-signature-ed25519: 8f01c66ccda5b987c43d913290419572ea586dbef2077fa166c4a84797e1d2c76b305bc67ed43efb1fc841562620a61cb59c4d8a13de689a2e98ead19190f80c +x-signature-timestamp: 1707776632 ``` **body** @@ -41,23 +40,23 @@ x-signature-timestamp: 1696733583 ```json { "status": 200, - "cursor": "T0S2BNqDj6a8pKMA6bEXAaWwLpc_DFltXAvkKhhBj4L29XqRiMmiVjVzbU_UxPzyiRLsSV-q2tzLEih6oMZR7oLpwbA2vHI_F39_l9vm_ODoe6CjP1tJdekzCuzcN9DRWD7eYgv7c7EK6dXiMqeMM0ZkNsEjfmLn2j0EpYJWdaUVunUzlT2vdc6Ag_iU-dAQrOV0QLelxyOkUzJ-fx5cbJ6GNaPKuW51bQ==", + "cursor": "OJGbpO9ZnZcwvxW38_FO8KWwLpcyA1lrUQPgKRFL04Py8yCW35v1VTB1O0-Elami3RztQlOp2tmcHC9y9ZQFuoDrxLpj6yU-FXorwoHr_OfqLPumMQwTJ-hgWeuKYNLeWDjTagn4ersEtNGzbvLaY0UxZZUhK2G62z1VptdXJfEWuiJmyjmrIZrRhK-WoNAS_rEkQ7L1xCmhDzJ4K0dTPcSDNPKZuDR2", "session": { - "traceId": "4ebea20349c16844d92bf6c961f627fa", - "resolvedStartBlock": 32900744 + "traceId": "3cbb0a1c772a47a72995d95f4c6d2cff", + "resolvedStartBlock": 53448515 }, "clock": { - "timestamp": "2022-09-09T20:23:38.000Z", - "number": 32901090, - "id": "9058ded4fd65b4de2d772564366f1b61bc328bac7a4c4b87d73ca6ab4bae6be8" + "timestamp": "2024-02-12T22:23:51.000Z", + "number": 53448530, + "id": "f843bc26cea0cbd50b09699546a8a97de6a1727646c17a857c5d8d868fc26142" }, "manifest": { "substreamsEndpoint": "https://polygon.substreams.pinax.network:443", "chain": "polygon", "finalBlockOnly": "false", - "moduleName": "map_block_stats", - "type": "subtivity.v1.BlockStats", - "moduleHash": "6fb7bbc60685bbfc1cd209d26697639e05efdb24" + "moduleName": "map_blocks", + "type": "sf.substreams.v1.Clock", + "moduleHash": "44c506941d5f30db6cca01692624395d1ac40cd1" }, "data": { ... @@ -71,21 +70,18 @@ x-signature-timestamp: 1696733583 import nacl from "tweetnacl"; // ...HTTP server +const PUBLIC_KEY = "APPLICATION_PUBLIC_KEY"; // get headers and body from POST request -const rawBody = await request.text(); const signature = request.headers.get("x-signature-ed25519"); -const expiry = Number(request.headers.get("x-signature-ed25519-expiry")); -const publicKey = request.headers.get("x-signature-ed25519-public-key"); - -if (new Date().getTime() >= expiry) return new Response("signature expired", { status: 401 }); +const timestamp = request.headers.get("x-signature-timestamp"); +const body = await request.text(); // validate signature using public key -const payload = JSON.stringify({ exp: expiry, id: publicKey }); const isVerified = nacl.sign.detached.verify( - Buffer.from(payload), + Buffer.from(timestamp + body), Buffer.from(signature, "hex"), - Buffer.from(publicKey, "hex") + Buffer.from(PUBLIC_KEY, "hex") ); if (!isVerified) { @@ -97,18 +93,26 @@ if (!isVerified) { ```env # Webhook -SECRET_KEY="" -PUBLIC_KEY="" +PRIVATE_KEY= WEBHOOK_URL=http://127.0.0.1:3000 - -# Substreams endpoint -SUBSTREAMS_API_TOKEN="" -SUBSTREAMS_ENDPOINT=https://polygon.substreams.pinax.network:443 - -# Substreams package -MANIFEST=https://github.com/pinax-network/subtivity-substreams/releases/download/v0.3.0/subtivity-ethereum-v0.3.0.spkg -MODULE_NAME=map_block_stats -START_BLOCK=-1 +PORT=9102 + +# Get Substreams API Key +# https://app.pinax.network +# https://app.streamingfast.io/ +SUBSTREAMS_API_KEY= + +# Substreams Package (*.spkg) +MANIFEST=https://github.com/pinax-network/substreams/releases/download/blocks-v0.1.0/blocks-v0.1.0.spkg +MODULE_NAME=map_blocks +START_BLOCK=-10 +PRODUCTION_MODE=true + +# Webhook (Optional) +DISABLE_PING=false +DISABLE_SIGNATURE=false +VERBOSE=true +MAXIMUM_ATTEMPTS=100 ``` ## Help @@ -127,12 +131,11 @@ Options: -s --start-block Start block to stream from (defaults to -1, which means the initialBlock of the first module you are streaming) (default: "-1", env: START_BLOCK) -t --stop-block Stop block to end stream at, inclusively (env: STOP_BLOCK) -p, --params Set a params for parameterizable modules. Can be specified multiple times. (ex: -p module1=valA -p module2=valX&valY) (default: [], env: PARAMS) - --substreams-api-token API token for the substream endpoint or API key if '--auth-issue-url' is specified (default: "", env: SUBSTREAMS_API_TOKEN) - --auth-issue-url URL used to issue a token (default: "https://auth.pinax.network/v1/auth/issue", env: AUTH_ISSUE_URL) + --substreams-api-key API key for the Substream endpoint (env: SUBSTREAMS_API_KEY) --delay-before-start Delay (ms) before starting Substreams (default: 0, env: DELAY_BEFORE_START) --cursor-path File path or URL to cursor lock file (default: "cursor.lock", env: CURSOR_PATH) --http-cursor-auth Basic auth credentials for http cursor (ex: username:password) (env: HTTP_CURSOR_AUTH) - --production-mode Enable production mode, allows cached substreams data if available (default: "false", env: PRODUCTION_MODE) + --production-mode Enable production mode, allows cached Substreams data if available (default: "false", env: PRODUCTION_MODE) --inactivity-seconds If set, the sink will stop when inactive for over a certain amount of seconds (default: 300, env: INACTIVITY_SECONDS) --hostname The process will listen on this hostname for any HTTP and Prometheus metrics requests (default: "localhost", env: HOSTNAME) --port The process will listen on this port for any HTTP and Prometheus metrics requests (default: 9102, env: PORT) @@ -142,8 +145,10 @@ Options: --final-blocks-only Only process blocks that have pass finality, to prevent any reorg and undo signal by staying further away from the chain HEAD (default: "false", env: FINAL_BLOCKS_ONLY) --verbose Enable verbose logging (default: "false", env: VERBOSE) --webhook-url Webhook URL to send POST (env: WEBHOOK_URL) - --secret-key TweetNaCl Secret-key to sign POST data payload (env: SECRET_KEY) - --disable-ping Disable ping on init (default: false, env: DISABLE_PING) + --private-key Ed25519 private key to sign POST data payload (env: PRIVATE_KEY) + --disable-ping Disable ping on init (choices: "true", "false", default: false, env: DISABLE_PING) + --disable-signature Disable Ed25519 signature (choices: "true", "false", default: false, env: DISABLE_SIGNATURE) + --maximum-attempts Maximum attempts to retry POST (default: 100, env: MAXIMUM_ATTEMPTS) -h, --help display help for command ``` diff --git a/bin/cli.ts b/bin/cli.ts index 6fb5af2..ad086c3 100755 --- a/bin/cli.ts +++ b/bin/cli.ts @@ -9,40 +9,43 @@ import { ping } from "../src/ping.js"; export interface WebhookRunOptions extends commander.RunOptions { webhookUrl: string; - secretKey: string; - disablePing: boolean; + privateKey: string; expiryTime: number; + maximumAttempts: number; + disablePing: string; + disableSignature: string; } -const expirationOption = new Option("--expiry-time ", "Time before a transmission becomes invalid (in seconds)").env("EXPIRY_TIME").default(40) +const webhookUrlOption = new Option("--webhook-url ", "Webhook URL to send POST").makeOptionMandatory().env("WEBHOOK_URL"); +const privateKeyOption = new Option("--private-key ", "Ed25519 private key to sign POST data payload").makeOptionMandatory().env("PRIVATE_KEY"); // Run Webhook Sink const program = commander.program(pkg); const command = commander.run(program, pkg); -command.addOption(new Option("--webhook-url ", "Webhook URL to send POST").makeOptionMandatory().env("WEBHOOK_URL")); -command.addOption(new Option("--secret-key ", "TweetNaCl Secret-key to sign POST data payload").makeOptionMandatory().env("SECRET_KEY")); -command.addOption(new Option("--disable-ping", "Disable ping on init").env("DISABLE_PING").default(false)); -command.addOption(expirationOption); +command.addOption(webhookUrlOption); +command.addOption(privateKeyOption); +command.addOption(new Option("--disable-ping ", "Disable ping on init").choices(["true", "false"]).env("DISABLE_PING").default(false)); +command.addOption(new Option("--disable-signature ", "Disable Ed25519 signature").choices(["true", "false"]).env("DISABLE_SIGNATURE").default(false)); +command.addOption(new Option("--maximum-attempts ", "Maximum attempts to retry POST").env("MAXIMUM_ATTEMPTS").default(100)); command.action(action); program .command("keypair") .description("Generate TweetNaCl keypair") .action(() => { - const { publicKey, secretKey } = keyPair(); + const { publicKey, privateKey } = keyPair(); console.log(`PUBLIC_KEY=${publicKey}`); - console.log(`SECRET_KEY=${secretKey}`); + console.log(`PRIVATE_KEY=${privateKey}`); }); program .command("ping") .description("Ping Webhook URL") - .addOption(new Option("--webhook-url ", "Webhook URL to send POST").makeOptionMandatory().env("WEBHOOK_URL")) - .addOption(new Option("--secret-key ", "TweetNaCl Secret-key to sign POST data payload").makeOptionMandatory().env("SECRET_KEY")) - .addOption(expirationOption) + .addOption(webhookUrlOption) + .addOption(privateKeyOption) .action(async (options: WebhookRunOptions) => { logger.settings.type = "hidden"; - const response = await ping(options.webhookUrl, options.secretKey, options.expiryTime); + const response = await ping(options.webhookUrl, options.privateKey); if (response) console.log("✅ OK"); else console.log("⁉️ ERROR"); }); diff --git a/biome.json b/biome.json index 8ea7552..ee7b58b 100644 --- a/biome.json +++ b/biome.json @@ -18,7 +18,7 @@ }, "formatter": { "indentStyle": "space", - "lineWidth": 120 + "lineWidth": 160 }, "linter": { "rules": { @@ -39,6 +39,6 @@ } }, "organizeImports": { - "enabled": true + "enabled": false } } diff --git a/examples/bun/Dockerfile b/examples/bun/Dockerfile index 1e46fd9..bac1252 100644 --- a/examples/bun/Dockerfile +++ b/examples/bun/Dockerfile @@ -1,15 +1,4 @@ FROM oven/bun - -WORKDIR /app - -ENV PUBLIC_KEY $PUBLIC_KEY -ENV PORT $PORT - -COPY bun.lockb ./ -COPY package*.json ./ - -RUN bun install - COPY . . - +RUN bun install CMD [ "bun", "http.ts" ] diff --git a/examples/bun/bun.lockb b/examples/bun/bun.lockb deleted file mode 100755 index 9c871c0..0000000 Binary files a/examples/bun/bun.lockb and /dev/null differ diff --git a/examples/bun/http.ts b/examples/bun/http.ts index c7383bb..3c6e72b 100644 --- a/examples/bun/http.ts +++ b/examples/bun/http.ts @@ -1,5 +1,5 @@ import "dotenv/config"; -import nacl from "tweetnacl"; +import { ed25519 } from "@noble/curves/ed25519.js"; const PORT = process.env.PORT ?? 3000; const PUBLIC_KEY = process.env.PUBLIC_KEY ?? "a3cb7366ee8ca77225b4d41772e270e4e831d171d1de71d91707c42e7ba82cc9"; @@ -12,28 +12,20 @@ export default { async fetch(request) { // get headers and body from POST request const signature = request.headers.get("x-signature-ed25519"); - const expiry = Number(request.headers.get("x-signature-ed25519-expiry")); - const publicKey = request.headers.get("x-signature-ed25519-public-key"); - + const timestamp = request.headers.get("x-signature-timestamp"); const body = await request.text(); if (!signature) return new Response("missing required signature in headers", { status: 400 }); - if (!expiry) return new Response("missing required expiry in headers", { status: 400 }); - if (!publicKey) return new Response("missing required public key in headers", { status: 400 }); + if (!timestamp) return new Response("missing required timestamp in headers", { status: 400 }); if (!body) return new Response("missing body", { status: 400 }); - if (new Date().getTime() >= expiry) return new Response("signature expired", { status: 401 }); - if (publicKey !== PUBLIC_KEY) return new Response("unknown public key", { status: 401 }); - // validate signature using public key - console.log({signature, expiry, publicKey}); - const payload = JSON.stringify({ exp: expiry, id: publicKey }); - const isVerified = nacl.sign.detached.verify( - Buffer.from(payload), - Buffer.from(signature, "hex"), - Buffer.from(publicKey, "hex"), + const isVerified = ed25519.verify( + signature, + Buffer.from(timestamp + body), + PUBLIC_KEY, ); - console.log({ isVerified, signature }); + console.log({ isVerified, timestamp, signature }); console.log(body); if (!isVerified) { diff --git a/examples/bun/package.json b/examples/bun/package.json index 016d525..990ce62 100644 --- a/examples/bun/package.json +++ b/examples/bun/package.json @@ -3,7 +3,7 @@ "start": "bun http.ts" }, "dependencies": { - "tweetnacl": "latest", + "@noble/curves": "latest", "dotenv": "latest" } } diff --git a/examples/deno/Dockerfile b/examples/deno/Dockerfile deleted file mode 100644 index 2e426c1..0000000 --- a/examples/deno/Dockerfile +++ /dev/null @@ -1,10 +0,0 @@ -FROM denoland/deno:alpine - -WORKDIR /app - -ENV PUBLIC_KEY $PUBLIC_KEY -ENV PORT $PORT - -COPY . . - -CMD [ "deno", "run", "--allow-net", "--allow-read", "--allow-env", "http.ts" ] diff --git a/examples/deno/http.ts b/examples/deno/http.ts deleted file mode 100644 index 5e220eb..0000000 --- a/examples/deno/http.ts +++ /dev/null @@ -1,39 +0,0 @@ -import "https://deno.land/std@0.190.0/dotenv/load.ts"; -import { encode } from "https://deno.land/std@0.190.0/encoding/hex.ts"; -import { serve } from "https://deno.land/std@0.190.0/http/server.ts"; -import nacl from "npm:tweetnacl"; - -const PORT = Deno.env.get("PORT"); -const PUBLIC_KEY = Deno.env.get("PUBLIC_KEY"); - -const handler = async (request: Request) => { - // get headers and body from POST request - const signature = request.headers.get("x-signature-ed25519"); - const expiry = Number(request.headers.get("x-signature-ed25519-expiry")); - const publicKey = request.headers.get("x-signature-ed25519-public-key"); - - const body = await request.text(); - - if (!signature) return new Response("missing required signature in headers", { status: 400 }); - if (!expiry) return new Response("missing required expiry in headers", { status: 400 }); - if (!publicKey) return new Response("missing required public key in headers", { status: 400 }); - if (!body) return new Response("missing body", { status: 400 }); - - if (new Date().getTime() >= expiry) return new Response("signature expired", { status: 401 }); - if (publicKey !== PUBLIC_KEY) return new Response("unknown public key", { status: 401 }); - - // TO-DO: 🚨 FIX CODE BELOW 🚨 - // validate signature using public key - const payload = JSON.stringify({ exp: expiry, id: publicKey }); - const isVerified = nacl.sign.detached.verify(encode(payload), encode(signature), encode(PUBLIC_KEY)); - - console.dir({ signature, isVerified }); - console.dir(body); - if (!isVerified) { - return new Response("invalid request signature", { status: 401 }); - } - return new Response("OK"); -}; - -serve(handler, { port: PORT }); -console.log(`Signature validation using ${PUBLIC_KEY}`); diff --git a/examples/deno/package.json b/examples/deno/package.json deleted file mode 100644 index 8da0f5f..0000000 --- a/examples/deno/package.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "module", - "scripts": { - "start": "deno run --allow-net --allow-read --allow-env http.ts" - } -} diff --git a/examples/express/http.js b/examples/express/http.ts similarity index 53% rename from examples/express/http.js rename to examples/express/http.ts index bef72ae..2db0a07 100644 --- a/examples/express/http.js +++ b/examples/express/http.ts @@ -8,32 +8,26 @@ const app = express(); app.use(express.text({ type: "application/json" })); -app.use(async (req, res) => { +app.use(async (request, res) => { // get headers and body from POST request - const signature = request.headers.get("x-signature-ed25519"); - const expiry = request.headers.get("x-signature-ed25519-expiry"); - const publicKey = request.headers.get("x-signature-ed25519-public-key"); - - const body = await request.text(); + const signature = String(request.headers["x-signature-ed25519"]); + const timestamp = String(request.headers["x-signature-timestamp"]); + const body = await request.body; if (!signature) return new Response("missing required signature in headers", { status: 400 }); - if (!expiry) return new Response("missing required expiry in headers", { status: 400 }); - if (!publicKey) return new Response("missing required public key in headers", { status: 400 }); + if (!timestamp) return new Response("missing required timestamp in headers", { status: 400 }); if (!body) return new Response("missing body", { status: 400 }); - if (new Date().getTime() >= expiry) return new Response("signature expired", { status: 401 }); - if (publicKey !== PUBLIC_KEY) return new Response("unknown public key", { status: 401 }); - // validate signature using public key - const payload = JSON.stringify({ exp: expiry, id: publicKey }); const isVerified = nacl.sign.detached.verify( - Buffer.from(payload), + Buffer.from(timestamp + body), Buffer.from(signature, "hex"), - Buffer.from(PUBLIC_KEY, "hex") + Buffer.from(PUBLIC_KEY, "hex"), ); - console.dir({ signature, isVerified }); + console.dir({ signature, timestamp, isVerified }); console.dir(body); + res.setHeader("Content-Type", "text/plain;charset=utf-8"); if (!isVerified) { return res.send("invalid request signature").status(401); } diff --git a/examples/express/package-lock.json b/examples/express/package-lock.json deleted file mode 100644 index 71e1918..0000000 --- a/examples/express/package-lock.json +++ /dev/null @@ -1,618 +0,0 @@ -{ - "name": "express", - "lockfileVersion": 3, - "requires": true, - "packages": { - "": { - "dependencies": { - "dotenv": "latest", - "express": "latest", - "tweetnacl": "latest" - } - }, - "node_modules/accepts": { - "version": "1.3.8", - "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz", - "integrity": "sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==", - "dependencies": { - "mime-types": "~2.1.34", - "negotiator": "0.6.3" - }, - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/array-flatten": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", - "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg==" - }, - "node_modules/body-parser": { - "version": "1.20.1", - "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.1.tgz", - "integrity": "sha512-jWi7abTbYwajOytWCQc37VulmWiRae5RyTpaCyDcS5/lMdtwSz5lOpDE67srw/HYe35f1z3fDQw+3txg7gNtWw==", - "dependencies": { - "bytes": "3.1.2", - "content-type": "~1.0.4", - "debug": "2.6.9", - "depd": "2.0.0", - "destroy": "1.2.0", - "http-errors": "2.0.0", - "iconv-lite": "0.4.24", - "on-finished": "2.4.1", - "qs": "6.11.0", - "raw-body": "2.5.1", - "type-is": "~1.6.18", - "unpipe": "1.0.0" - }, - "engines": { - "node": ">= 0.8", - "npm": "1.2.8000 || >= 1.4.16" - } - }, - "node_modules/bytes": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", - "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==", - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/call-bind": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.2.tgz", - "integrity": "sha512-7O+FbCihrB5WGbFYesctwmTKae6rOiIzmz1icreWJ+0aA7LJfuqhEso2T9ncpcFtzMQtzXf2QGGueWJGTYsqrA==", - "dependencies": { - "function-bind": "^1.1.1", - "get-intrinsic": "^1.0.2" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/content-disposition": { - "version": "0.5.4", - "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz", - "integrity": "sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==", - "dependencies": { - "safe-buffer": "5.2.1" - }, - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/content-type": { - "version": "1.0.5", - "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", - "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==", - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/cookie": { - "version": "0.5.0", - "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.5.0.tgz", - "integrity": "sha512-YZ3GUyn/o8gfKJlnlX7g7xq4gyO6OSuhGPKaaGssGB2qgDUS0gPgtTvoyZLTt9Ab6dC4hfc9dV5arkvc/OCmrw==", - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/cookie-signature": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", - "integrity": "sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ==" - }, - "node_modules/debug": { - "version": "2.6.9", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", - "dependencies": { - "ms": "2.0.0" - } - }, - "node_modules/depd": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", - "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==", - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/destroy": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz", - "integrity": "sha512-2sJGJTaXIIaR1w4iJSNoN0hnMY7Gpc/n8D4qSCJw8QqFWXf7cuAgnEHxBpweaVcPevC2l3KpjYCx3NypQQgaJg==", - "engines": { - "node": ">= 0.8", - "npm": "1.2.8000 || >= 1.4.16" - } - }, - "node_modules/dotenv": { - "version": "16.1.4", - "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-16.1.4.tgz", - "integrity": "sha512-m55RtE8AsPeJBpOIFKihEmqUcoVncQIwo7x9U8ZwLEZw9ZpXboz2c+rvog+jUaJvVrZ5kBOeYQBX5+8Aa/OZQw==", - "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://github.com/motdotla/dotenv?sponsor=1" - } - }, - "node_modules/ee-first": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", - "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==" - }, - "node_modules/encodeurl": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", - "integrity": "sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w==", - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/escape-html": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", - "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==" - }, - "node_modules/etag": { - "version": "1.8.1", - "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", - "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==", - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/express": { - "version": "4.18.2", - "resolved": "https://registry.npmjs.org/express/-/express-4.18.2.tgz", - "integrity": "sha512-5/PsL6iGPdfQ/lKM1UuielYgv3BUoJfz1aUwU9vHZ+J7gyvwdQXFEBIEIaxeGf0GIcreATNyBExtalisDbuMqQ==", - "dependencies": { - "accepts": "~1.3.8", - "array-flatten": "1.1.1", - "body-parser": "1.20.1", - "content-disposition": "0.5.4", - "content-type": "~1.0.4", - "cookie": "0.5.0", - "cookie-signature": "1.0.6", - "debug": "2.6.9", - "depd": "2.0.0", - "encodeurl": "~1.0.2", - "escape-html": "~1.0.3", - "etag": "~1.8.1", - "finalhandler": "1.2.0", - "fresh": "0.5.2", - "http-errors": "2.0.0", - "merge-descriptors": "1.0.1", - "methods": "~1.1.2", - "on-finished": "2.4.1", - "parseurl": "~1.3.3", - "path-to-regexp": "0.1.7", - "proxy-addr": "~2.0.7", - "qs": "6.11.0", - "range-parser": "~1.2.1", - "safe-buffer": "5.2.1", - "send": "0.18.0", - "serve-static": "1.15.0", - "setprototypeof": "1.2.0", - "statuses": "2.0.1", - "type-is": "~1.6.18", - "utils-merge": "1.0.1", - "vary": "~1.1.2" - }, - "engines": { - "node": ">= 0.10.0" - } - }, - "node_modules/finalhandler": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.2.0.tgz", - "integrity": "sha512-5uXcUVftlQMFnWC9qu/svkWv3GTd2PfUhK/3PLkYNAe7FbqJMt3515HaxE6eRL74GdsriiwujiawdaB1BpEISg==", - "dependencies": { - "debug": "2.6.9", - "encodeurl": "~1.0.2", - "escape-html": "~1.0.3", - "on-finished": "2.4.1", - "parseurl": "~1.3.3", - "statuses": "2.0.1", - "unpipe": "~1.0.0" - }, - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/forwarded": { - "version": "0.2.0", - "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", - "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==", - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/fresh": { - "version": "0.5.2", - "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", - "integrity": "sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q==", - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/function-bind": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz", - "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==" - }, - "node_modules/get-intrinsic": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.1.tgz", - "integrity": "sha512-2DcsyfABl+gVHEfCOaTrWgyt+tb6MSEGmKq+kI5HwLbIYgjgmMcV8KQ41uaKz1xxUcn9tJtgFbQUEVcEbd0FYw==", - "dependencies": { - "function-bind": "^1.1.1", - "has": "^1.0.3", - "has-proto": "^1.0.1", - "has-symbols": "^1.0.3" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/has": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz", - "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==", - "dependencies": { - "function-bind": "^1.1.1" - }, - "engines": { - "node": ">= 0.4.0" - } - }, - "node_modules/has-proto": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.1.tgz", - "integrity": "sha512-7qE+iP+O+bgF9clE5+UoBFzE65mlBiVj3tKCrlNQ0Ogwm0BjpT/gK4SlLYDMybDh5I3TCTKnPPa0oMG7JDYrhg==", - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/has-symbols": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz", - "integrity": "sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A==", - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/http-errors": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz", - "integrity": "sha512-FtwrG/euBzaEjYeRqOgly7G0qviiXoJWnvEH2Z1plBdXgbyjv34pHTSb9zoeHMyDy33+DWy5Wt9Wo+TURtOYSQ==", - "dependencies": { - "depd": "2.0.0", - "inherits": "2.0.4", - "setprototypeof": "1.2.0", - "statuses": "2.0.1", - "toidentifier": "1.0.1" - }, - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/iconv-lite": { - "version": "0.4.24", - "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", - "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==", - "dependencies": { - "safer-buffer": ">= 2.1.2 < 3" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/inherits": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", - "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==" - }, - "node_modules/ipaddr.js": { - "version": "1.9.1", - "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", - "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==", - "engines": { - "node": ">= 0.10" - } - }, - "node_modules/media-typer": { - "version": "0.3.0", - "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", - "integrity": "sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ==", - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/merge-descriptors": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz", - "integrity": "sha512-cCi6g3/Zr1iqQi6ySbseM1Xvooa98N0w31jzUYrXPX2xqObmFGHJ0tQ5u74H3mVh7wLouTseZyYIq39g8cNp1w==" - }, - "node_modules/methods": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", - "integrity": "sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==", - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/mime": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", - "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==", - "bin": { - "mime": "cli.js" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/mime-db": { - "version": "1.52.0", - "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", - "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/mime-types": { - "version": "2.1.35", - "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", - "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", - "dependencies": { - "mime-db": "1.52.0" - }, - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/ms": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==" - }, - "node_modules/negotiator": { - "version": "0.6.3", - "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz", - "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==", - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/object-inspect": { - "version": "1.12.3", - "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.3.tgz", - "integrity": "sha512-geUvdk7c+eizMNUDkRpW1wJwgfOiOeHbxBR/hLXK1aT6zmVSO0jsQcs7fj6MGw89jC/cjGfLcNOrtMYtGqm81g==", - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/on-finished": { - "version": "2.4.1", - "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", - "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==", - "dependencies": { - "ee-first": "1.1.1" - }, - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/parseurl": { - "version": "1.3.3", - "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", - "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==", - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/path-to-regexp": { - "version": "0.1.7", - "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", - "integrity": "sha512-5DFkuoqlv1uYQKxy8omFBeJPQcdoE07Kv2sferDCrAq1ohOU+MSDswDIbnx3YAM60qIOnYa53wBhXW0EbMonrQ==" - }, - "node_modules/proxy-addr": { - "version": "2.0.7", - "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", - "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==", - "dependencies": { - "forwarded": "0.2.0", - "ipaddr.js": "1.9.1" - }, - "engines": { - "node": ">= 0.10" - } - }, - "node_modules/qs": { - "version": "6.11.0", - "resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz", - "integrity": "sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==", - "dependencies": { - "side-channel": "^1.0.4" - }, - "engines": { - "node": ">=0.6" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/range-parser": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", - "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==", - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/raw-body": { - "version": "2.5.1", - "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz", - "integrity": "sha512-qqJBtEyVgS0ZmPGdCFPWJ3FreoqvG4MVQln/kCgF7Olq95IbOp0/BWyMwbdtn4VTvkM8Y7khCQ2Xgk/tcrCXig==", - "dependencies": { - "bytes": "3.1.2", - "http-errors": "2.0.0", - "iconv-lite": "0.4.24", - "unpipe": "1.0.0" - }, - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/safe-buffer": { - "version": "5.2.1", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", - "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/feross" - }, - { - "type": "patreon", - "url": "https://www.patreon.com/feross" - }, - { - "type": "consulting", - "url": "https://feross.org/support" - } - ] - }, - "node_modules/safer-buffer": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", - "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==" - }, - "node_modules/send": { - "version": "0.18.0", - "resolved": "https://registry.npmjs.org/send/-/send-0.18.0.tgz", - "integrity": "sha512-qqWzuOjSFOuqPjFe4NOsMLafToQQwBSOEpS+FwEt3A2V3vKubTquT3vmLTQpFgMXp8AlFWFuP1qKaJZOtPpVXg==", - "dependencies": { - "debug": "2.6.9", - "depd": "2.0.0", - "destroy": "1.2.0", - "encodeurl": "~1.0.2", - "escape-html": "~1.0.3", - "etag": "~1.8.1", - "fresh": "0.5.2", - "http-errors": "2.0.0", - "mime": "1.6.0", - "ms": "2.1.3", - "on-finished": "2.4.1", - "range-parser": "~1.2.1", - "statuses": "2.0.1" - }, - "engines": { - "node": ">= 0.8.0" - } - }, - "node_modules/send/node_modules/ms": { - "version": "2.1.3", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", - "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==" - }, - "node_modules/serve-static": { - "version": "1.15.0", - "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.15.0.tgz", - "integrity": "sha512-XGuRDNjXUijsUL0vl6nSD7cwURuzEgglbOaFuZM9g3kwDXOWVTck0jLzjPzGD+TazWbboZYu52/9/XPdUgne9g==", - "dependencies": { - "encodeurl": "~1.0.2", - "escape-html": "~1.0.3", - "parseurl": "~1.3.3", - "send": "0.18.0" - }, - "engines": { - "node": ">= 0.8.0" - } - }, - "node_modules/setprototypeof": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", - "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==" - }, - "node_modules/side-channel": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.4.tgz", - "integrity": "sha512-q5XPytqFEIKHkGdiMIrY10mvLRvnQh42/+GoBlFW3b2LXLE2xxJpZFdm94we0BaoV3RwJyGqg5wS7epxTv0Zvw==", - "dependencies": { - "call-bind": "^1.0.0", - "get-intrinsic": "^1.0.2", - "object-inspect": "^1.9.0" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/statuses": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", - "integrity": "sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ==", - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/toidentifier": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz", - "integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==", - "engines": { - "node": ">=0.6" - } - }, - "node_modules/tweetnacl": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/tweetnacl/-/tweetnacl-1.0.3.tgz", - "integrity": "sha512-6rt+RN7aOi1nGMyC4Xa5DdYiukl2UWCbcJft7YhxReBGQD7OAM8Pbxw6YMo4r2diNEA8FEmu32YOn9rhaiE5yw==" - }, - "node_modules/type-is": { - "version": "1.6.18", - "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz", - "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==", - "dependencies": { - "media-typer": "0.3.0", - "mime-types": "~2.1.24" - }, - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/unpipe": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", - "integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==", - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/utils-merge": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz", - "integrity": "sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA==", - "engines": { - "node": ">= 0.4.0" - } - }, - "node_modules/vary": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", - "integrity": "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==", - "engines": { - "node": ">= 0.8" - } - } - } -} diff --git a/examples/express/package.json b/examples/express/package.json index 3d4dcb6..5a1b10a 100644 --- a/examples/express/package.json +++ b/examples/express/package.json @@ -1,11 +1,16 @@ { "type": "module", "scripts": { - "start": "node http.js" + "start": "tsx http.ts" }, "dependencies": { - "tweetnacl": "latest", "dotenv": "latest", - "express": "latest" + "express": "latest", + "tweetnacl": "latest" + }, + "devDependencies": { + "@types/express": "latest", + "@types/node": "latest", + "tsx": "latest" } -} \ No newline at end of file +} diff --git a/examples/http/ping-isVerified.http b/examples/http/ping-isVerified.http index bb9744e..5968939 100644 --- a/examples/http/ping-isVerified.http +++ b/examples/http/ping-isVerified.http @@ -1,7 +1,6 @@ POST http://localhost:3000 HTTP/1.1 content-type: application/json -x-signature-ed25519: d26299022b13c25e4889191cdb6f4ab8fa30a524bca44b1742bedeeabb145ca99790ba09467f1365f870aee1236ec8682cdc3690eda4c8266cff512447d7270b -x-signature-ed25519-expiry: 2524626000000 -x-signature-ed25519-public-key: a3cb7366ee8ca77225b4d41772e270e4e831d171d1de71d91707c42e7ba82cc9 +x-signature-ed25519: 1853ea82cfce16ef0cfbe78e9c3637a3db563317fa2a2f94ea5b81ad648af31dfeecadacc3efa70c685a2b48200cf17d49356178ff7c606c4be21dfd29b2e20e +x-signature-timestamp: 1707777331 -{"message":"PING"} \ No newline at end of file +{"message":"PING"} diff --git a/examples/http/ping-not-isVerified.http b/examples/http/ping-not-isVerified.http index 45fbc18..f51d1ff 100644 --- a/examples/http/ping-not-isVerified.http +++ b/examples/http/ping-not-isVerified.http @@ -1,8 +1,6 @@ POST http://localhost:3000 HTTP/1.1 content-type: application/json -x-signature-ed25519: 32c4f322a21ac05e7c9b7374bb702ccd834e56aeebe8320048440833f2e18358014a5790302fbe3ead8c956cdf2b05c9181b787c55c3e40dc6dbc3ab2cfe730f -x-signature-ed25519-expiry: 2524626000000 -x-signature-ed25519-public-key: a3cb7366ee8ca77225b4d41772e270e4e831d171d1de71d91707c42e7ba82cc9 +x-signature-ed25519: 27ebd0c33f440e8caedd97e85ae32827098061e477871c7cded447014dd734399bfde1542884421b947059a827c3e4e4d1b60485f518e7eeb111e7fdc0145d0d +x-signature-timestamp: 1707777331 - -{"message":"PING"} \ No newline at end of file +{"message":"PING"} diff --git a/examples/http/post-invalid-headers.http b/examples/http/post-invalid-headers.http new file mode 100644 index 0000000..aaae246 --- /dev/null +++ b/examples/http/post-invalid-headers.http @@ -0,0 +1,4 @@ +POST http://localhost:3000 HTTP/1.1 +content-type: application/json + +{"status":200,"cursor":"OJGbpO9ZnZcwvxW38_FO8KWwLpcyA1lrUQPgKRFL04Py8yCW35v1VTB1O0-Elami3RztQlOp2tmcHC9y9ZQFuoDrxLpj6yU-FXorwoHr_OfqLPumMQwTJ-hgWeuKYNLeWDjTagn4ersEtNGzbvLaY0UxZZUhK2G62z1VptdXJfEWuiJmyjmrIZrRhK-WoNAS_rEkQ7L1xCmhDzJ4K0dTPcSDNPKZuDR2","session":{"traceId":"3cbb0a1c772a47a72995d95f4c6d2cff","resolvedStartBlock":53448515},"clock":{"timestamp":"2024-02-12T22:23:51.000Z","number":53448530,"id":"f843bc26cea0cbd50b09699546a8a97de6a1727646c17a857c5d8d868fc26142"},"manifest":{"substreamsEndpoint":"https://polygon.substreams.pinax.network:443","chain":"polygon","finalBlockOnly":"false","moduleName":"map_blocks","type":"sf.substreams.v1.Clock","moduleHash":"44c506941d5f30db6cca01692624395d1ac40cd1"},"data":{"id":"f843bc26cea0cbd50b09699546a8a97de6a1727646c17a857c5d8d868fc26142","number":"53448530","timestamp":"2024-02-12T22:23:51Z"}} \ No newline at end of file diff --git a/examples/http/post-invalid-signature-length.http b/examples/http/post-invalid-signature-length.http new file mode 100644 index 0000000..c5953a5 --- /dev/null +++ b/examples/http/post-invalid-signature-length.http @@ -0,0 +1,6 @@ +POST http://localhost:3000 HTTP/1.1 +content-type: application/json +x-signature-ed25519: foobar +x-signature-timestamp: 1707776632 + +{"status":200,"cursor":"OJGbpO9ZnZcwvxW38_FO8KWwLpcyA1lrUQPgKRFL04Py8yCW35v1VTB1O0-Elami3RztQlOp2tmcHC9y9ZQFuoDrxLpj6yU-FXorwoHr_OfqLPumMQwTJ-hgWeuKYNLeWDjTagn4ersEtNGzbvLaY0UxZZUhK2G62z1VptdXJfEWuiJmyjmrIZrRhK-WoNAS_rEkQ7L1xCmhDzJ4K0dTPcSDNPKZuDR2","session":{"traceId":"3cbb0a1c772a47a72995d95f4c6d2cff","resolvedStartBlock":53448515},"clock":{"timestamp":"2024-02-12T22:23:51.000Z","number":53448530,"id":"f843bc26cea0cbd50b09699546a8a97de6a1727646c17a857c5d8d868fc26142"},"manifest":{"substreamsEndpoint":"https://polygon.substreams.pinax.network:443","chain":"polygon","finalBlockOnly":"false","moduleName":"map_blocks","type":"sf.substreams.v1.Clock","moduleHash":"44c506941d5f30db6cca01692624395d1ac40cd1"},"data":{"id":"f843bc26cea0cbd50b09699546a8a97de6a1727646c17a857c5d8d868fc26142","number":"53448530","timestamp":"2024-02-12T22:23:51Z"}} \ No newline at end of file diff --git a/examples/http/post-invalid-signature.http b/examples/http/post-invalid-signature.http new file mode 100644 index 0000000..0764424 --- /dev/null +++ b/examples/http/post-invalid-signature.http @@ -0,0 +1,6 @@ +POST http://localhost:3000 HTTP/1.1 +content-type: application/json +x-signature-ed25519: 5d5ca4921dfb61a55361dff2b79ad58a3e3c44e06de812a955a006c5d7e1501b163a66b451dd108415a60a0e842dc1aa210f80b2abb32aae8b77c0cc4317660b +x-signature-timestamp: 1707776632 + +{"status":200,"cursor":"OJGbpO9ZnZcwvxW38_FO8KWwLpcyA1lrUQPgKRFL04Py8yCW35v1VTB1O0-Elami3RztQlOp2tmcHC9y9ZQFuoDrxLpj6yU-FXorwoHr_OfqLPumMQwTJ-hgWeuKYNLeWDjTagn4ersEtNGzbvLaY0UxZZUhK2G62z1VptdXJfEWuiJmyjmrIZrRhK-WoNAS_rEkQ7L1xCmhDzJ4K0dTPcSDNPKZuDR2","session":{"traceId":"3cbb0a1c772a47a72995d95f4c6d2cff","resolvedStartBlock":53448515},"clock":{"timestamp":"2024-02-12T22:23:51.000Z","number":53448530,"id":"f843bc26cea0cbd50b09699546a8a97de6a1727646c17a857c5d8d868fc26142"},"manifest":{"substreamsEndpoint":"https://polygon.substreams.pinax.network:443","chain":"polygon","finalBlockOnly":"false","moduleName":"map_blocks","type":"sf.substreams.v1.Clock","moduleHash":"44c506941d5f30db6cca01692624395d1ac40cd1"},"data":{"id":"f843bc26cea0cbd50b09699546a8a97de6a1727646c17a857c5d8d868fc26142","number":"53448530","timestamp":"2024-02-12T22:23:51Z"}} \ No newline at end of file diff --git a/examples/http/post-invalid-timestamp.http b/examples/http/post-invalid-timestamp.http new file mode 100644 index 0000000..be775ee --- /dev/null +++ b/examples/http/post-invalid-timestamp.http @@ -0,0 +1,6 @@ +POST http://localhost:3000 HTTP/1.1 +content-type: application/json +x-signature-ed25519: 8f01c66ccda5b987c43d913290419572ea586dbef2077fa166c4a84797e1d2c76b305bc67ed43efb1fc841562620a61cb59c4d8a13de689a2e98ead19190f80c +x-signature-timestamp: 9999999999 + +{"status":200,"cursor":"OJGbpO9ZnZcwvxW38_FO8KWwLpcyA1lrUQPgKRFL04Py8yCW35v1VTB1O0-Elami3RztQlOp2tmcHC9y9ZQFuoDrxLpj6yU-FXorwoHr_OfqLPumMQwTJ-hgWeuKYNLeWDjTagn4ersEtNGzbvLaY0UxZZUhK2G62z1VptdXJfEWuiJmyjmrIZrRhK-WoNAS_rEkQ7L1xCmhDzJ4K0dTPcSDNPKZuDR2","session":{"traceId":"3cbb0a1c772a47a72995d95f4c6d2cff","resolvedStartBlock":53448515},"clock":{"timestamp":"2024-02-12T22:23:51.000Z","number":53448530,"id":"f843bc26cea0cbd50b09699546a8a97de6a1727646c17a857c5d8d868fc26142"},"manifest":{"substreamsEndpoint":"https://polygon.substreams.pinax.network:443","chain":"polygon","finalBlockOnly":"false","moduleName":"map_blocks","type":"sf.substreams.v1.Clock","moduleHash":"44c506941d5f30db6cca01692624395d1ac40cd1"},"data":{"id":"f843bc26cea0cbd50b09699546a8a97de6a1727646c17a857c5d8d868fc26142","number":"53448530","timestamp":"2024-02-12T22:23:51Z"}} \ No newline at end of file diff --git a/examples/http/post.http b/examples/http/post.http index f1ff9cb..e229e4f 100644 --- a/examples/http/post.http +++ b/examples/http/post.http @@ -1,7 +1,6 @@ POST http://localhost:3000 HTTP/1.1 content-type: application/json -x-signature-ed25519: d26299022b13c25e4889191cdb6f4ab8fa30a524bca44b1742bedeeabb145ca99790ba09467f1365f870aee1236ec8682cdc3690eda4c8266cff512447d7270b -x-signature-ed25519-expiry: 2524626000000 -x-signature-ed25519-public-key: a3cb7366ee8ca77225b4d41772e270e4e831d171d1de71d91707c42e7ba82cc9 +x-signature-ed25519: 8f01c66ccda5b987c43d913290419572ea586dbef2077fa166c4a84797e1d2c76b305bc67ed43efb1fc841562620a61cb59c4d8a13de689a2e98ead19190f80c +x-signature-timestamp: 1707776632 -{"status":200,"cursor":"3ErAq5aeVa2E561uHfBu6qWwLpcyAlJrUAPhKxFLhtnz9HLH3JikBTQmaRqEkKz52RO4HQuk2I3EFi8p88JXtNa8kb4y6XdtRH5-loC_qLHscPOmawkSIu9kDrmJYdLfUzjSagj7c7tRsdLlPKaLY0BkY850fTOwizxW8IYFJqNAv3Mykm2ucMfVgf6fooJArbYgFuyinCzyBz16Kk4LO8TQZ_bN7jx1","session":{"traceId":"06eb726db08090e476eb2dbeff72f1bb","resolvedStartBlock":48458405},"clock":{"timestamp":"2023-10-08T02:53:03.000Z","number":48458410,"id":"3b54021525ec17d05946cfa86b92ab12787fb6f4fe25b59ac5380db39cd6ac73"},"manifest":{"substreamsEndpoint":"https://polygon.substreams.pinax.network:9000","moduleName":"map_block_stats","type":"subtivity.v1.BlockStats","moduleHash":"0a363b2a63aadb76a525208f1973531d3616fbae","chain":"polygon"},"data":{"transactionTraces":"36","traceCalls":"212","uaw":["d6b1cca00889daa9adc1d6e76b9a120086a13aab","675fe893a74815a35f867a12cbdd0637b7d7d6d4","42b07d313de7a38dc5cea48e326e545450cc4322","8ed47843e5030b6f06e6f204fcf2725378bb837a","9ced478d8d6fcaad332d9abf30415c8e48ac8079","21c3de23d98caddc406e3d31b25e807addf33633","2f59cde588b6d3661e8792632844f511d5e2da02","84a611b71254f5fccb1e5a619ad723cad8a03638","7ba865f70e32c9f46f67e33fe06139c8c31a2fad","18264397296fd982e432b4cd4942295c5bca50f8","258cfdaeee1b411bbb63a48cb030faed6720bb15","207cf8cdaec06610d7f9c92fec513e70520ce655","f746fb75a9c1d0f1c9799e434aea2aef90f7aa22","d3961bdbf7ad806b8e870a1cfbf7e54b5247020e","314c9a7a79ec28835ae68bcf5c0fd696141f85b4","2802fa14557b4f1afdf94af082b18c37d5786a2e","74eb675ed60a6f332e156c5a9ac376ee8d4d905d","5543ff441d3b0fcce59aa08eb52f15d27294af21","a1ab1c841898fe94900d00d9312ba954e4f81501","3dd12eb5ae0f1a106fb358c8b99830ab5690a7a2","51fafb35f31c434066267fc86ea24d8424115d2a","8709264ba5b56be8750193dad1a99f8b9d6ad3d6","c2b5f79a5768893b8087667b391c1381c502ab5c","85d8d0fc4e5a1f6dc823ee4baf486758a2fcb19c","7537cb7b7e8083ff8e68cb5c0ca18553ab54946f","d0a8cb58efcee1caee48f3c357074862ca8210dc"]}} \ No newline at end of file +{"status":200,"cursor":"OJGbpO9ZnZcwvxW38_FO8KWwLpcyA1lrUQPgKRFL04Py8yCW35v1VTB1O0-Elami3RztQlOp2tmcHC9y9ZQFuoDrxLpj6yU-FXorwoHr_OfqLPumMQwTJ-hgWeuKYNLeWDjTagn4ersEtNGzbvLaY0UxZZUhK2G62z1VptdXJfEWuiJmyjmrIZrRhK-WoNAS_rEkQ7L1xCmhDzJ4K0dTPcSDNPKZuDR2","session":{"traceId":"3cbb0a1c772a47a72995d95f4c6d2cff","resolvedStartBlock":53448515},"clock":{"timestamp":"2024-02-12T22:23:51.000Z","number":53448530,"id":"f843bc26cea0cbd50b09699546a8a97de6a1727646c17a857c5d8d868fc26142"},"manifest":{"substreamsEndpoint":"https://polygon.substreams.pinax.network:443","chain":"polygon","finalBlockOnly":"false","moduleName":"map_blocks","type":"sf.substreams.v1.Clock","moduleHash":"44c506941d5f30db6cca01692624395d1ac40cd1"},"data":{"id":"f843bc26cea0cbd50b09699546a8a97de6a1727646c17a857c5d8d868fc26142","number":"53448530","timestamp":"2024-02-12T22:23:51Z"}} \ No newline at end of file diff --git a/examples/node/http.ts b/examples/node/http.ts index 7e2d6d0..e08588f 100644 --- a/examples/node/http.ts +++ b/examples/node/http.ts @@ -21,37 +21,29 @@ function rawBody(request: http.IncomingMessage) { // Create a local server to serve Prometheus gauges server.on("request", async (req, res) => { - res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" }); - // get headers and body from POST request const signature = String(req.headers["x-signature-ed25519"]); - const expiry = Number(req.headers["x-signature-ed25519-expiry"]); - const publicKey = String(req.headers["x-signature-ed25519-public-key"]); - + const timestamp = Number(req.headers["x-signature-timestamp"]); const body = await rawBody(req); if (!signature) return new Response("missing required signature in headers", { status: 400 }); - if (!expiry) return new Response("missing required expiry in headers", { status: 400 }); - if (!publicKey) return new Response("missing required public key in headers", { status: 400 }); + if (!timestamp) return new Response("missing required timestamp in headers", { status: 400 }); if (!body) return new Response("missing body", { status: 400 }); - if (new Date().getTime() >= expiry) return new Response("signature expired", { status: 401 }); - if (publicKey !== PUBLIC_KEY) return new Response("unknown public key", { status: 401 }); - // validate signature using public key - const payload = JSON.stringify({ exp: expiry, id: publicKey }); const isVerified = nacl.sign.detached.verify( - Buffer.from(payload), + Buffer.from(timestamp + body), Buffer.from(signature, "hex"), - Buffer.from(PUBLIC_KEY, "hex") + Buffer.from(PUBLIC_KEY, "hex"), ); - console.dir({ signature, isVerified }); + console.dir({ signature, timestamp, isVerified }); console.dir(body); + res.setHeader("Content-Type", "text/plain;charset=utf-8"); if (!isVerified) { return res.writeHead(401).end("invalid request signature"); } - return res.end("OK"); + return res.writeHead(200).end("OK"); }); server.listen(PORT, () => { diff --git a/examples/node/package-lock.json b/examples/node/package-lock.json deleted file mode 100644 index d547f59..0000000 --- a/examples/node/package-lock.json +++ /dev/null @@ -1,535 +0,0 @@ -{ - "name": "node:http", - "lockfileVersion": 3, - "requires": true, - "packages": { - "": { - "dependencies": { - "dotenv": "latest", - "tweetnacl": "^1.0.3" - }, - "devDependencies": { - "@types/node": "latest", - "tsx": "latest" - } - }, - "node_modules/@esbuild-kit/cjs-loader": { - "version": "2.4.2", - "resolved": "https://registry.npmjs.org/@esbuild-kit/cjs-loader/-/cjs-loader-2.4.2.tgz", - "integrity": "sha512-BDXFbYOJzT/NBEtp71cvsrGPwGAMGRB/349rwKuoxNSiKjPraNNnlK6MIIabViCjqZugu6j+xeMDlEkWdHHJSg==", - "dev": true, - "dependencies": { - "@esbuild-kit/core-utils": "^3.0.0", - "get-tsconfig": "^4.4.0" - } - }, - "node_modules/@esbuild-kit/core-utils": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/@esbuild-kit/core-utils/-/core-utils-3.1.0.tgz", - "integrity": "sha512-Uuk8RpCg/7fdHSceR1M6XbSZFSuMrxcePFuGgyvsBn+u339dk5OeL4jv2EojwTN2st/unJGsVm4qHWjWNmJ/tw==", - "dev": true, - "dependencies": { - "esbuild": "~0.17.6", - "source-map-support": "^0.5.21" - } - }, - "node_modules/@esbuild-kit/esm-loader": { - "version": "2.5.5", - "resolved": "https://registry.npmjs.org/@esbuild-kit/esm-loader/-/esm-loader-2.5.5.tgz", - "integrity": "sha512-Qwfvj/qoPbClxCRNuac1Du01r9gvNOT+pMYtJDapfB1eoGN1YlJ1BixLyL9WVENRx5RXgNLdfYdx/CuswlGhMw==", - "dev": true, - "dependencies": { - "@esbuild-kit/core-utils": "^3.0.0", - "get-tsconfig": "^4.4.0" - } - }, - "node_modules/@esbuild/android-arm": { - "version": "0.17.19", - "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.17.19.tgz", - "integrity": "sha512-rIKddzqhmav7MSmoFCmDIb6e2W57geRsM94gV2l38fzhXMwq7hZoClug9USI2pFRGL06f4IOPHHpFNOkWieR8A==", - "cpu": [ - "arm" - ], - "dev": true, - "optional": true, - "os": [ - "android" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/android-arm64": { - "version": "0.17.19", - "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.17.19.tgz", - "integrity": "sha512-KBMWvEZooR7+kzY0BtbTQn0OAYY7CsiydT63pVEaPtVYF0hXbUaOyZog37DKxK7NF3XacBJOpYT4adIJh+avxA==", - "cpu": [ - "arm64" - ], - "dev": true, - "optional": true, - "os": [ - "android" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/android-x64": { - "version": "0.17.19", - "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.17.19.tgz", - "integrity": "sha512-uUTTc4xGNDT7YSArp/zbtmbhO0uEEK9/ETW29Wk1thYUJBz3IVnvgEiEwEa9IeLyvnpKrWK64Utw2bgUmDveww==", - "cpu": [ - "x64" - ], - "dev": true, - "optional": true, - "os": [ - "android" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/darwin-arm64": { - "version": "0.17.19", - "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.17.19.tgz", - "integrity": "sha512-80wEoCfF/hFKM6WE1FyBHc9SfUblloAWx6FJkFWTWiCoht9Mc0ARGEM47e67W9rI09YoUxJL68WHfDRYEAvOhg==", - "cpu": [ - "arm64" - ], - "dev": true, - "optional": true, - "os": [ - "darwin" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/darwin-x64": { - "version": "0.17.19", - "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.17.19.tgz", - "integrity": "sha512-IJM4JJsLhRYr9xdtLytPLSH9k/oxR3boaUIYiHkAawtwNOXKE8KoU8tMvryogdcT8AU+Bflmh81Xn6Q0vTZbQw==", - "cpu": [ - "x64" - ], - "dev": true, - "optional": true, - "os": [ - "darwin" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/freebsd-arm64": { - "version": "0.17.19", - "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.17.19.tgz", - "integrity": "sha512-pBwbc7DufluUeGdjSU5Si+P3SoMF5DQ/F/UmTSb8HXO80ZEAJmrykPyzo1IfNbAoaqw48YRpv8shwd1NoI0jcQ==", - "cpu": [ - "arm64" - ], - "dev": true, - "optional": true, - "os": [ - "freebsd" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/freebsd-x64": { - "version": "0.17.19", - "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.17.19.tgz", - "integrity": "sha512-4lu+n8Wk0XlajEhbEffdy2xy53dpR06SlzvhGByyg36qJw6Kpfk7cp45DR/62aPH9mtJRmIyrXAS5UWBrJT6TQ==", - "cpu": [ - "x64" - ], - "dev": true, - "optional": true, - "os": [ - "freebsd" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/linux-arm": { - "version": "0.17.19", - "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.17.19.tgz", - "integrity": "sha512-cdmT3KxjlOQ/gZ2cjfrQOtmhG4HJs6hhvm3mWSRDPtZ/lP5oe8FWceS10JaSJC13GBd4eH/haHnqf7hhGNLerA==", - "cpu": [ - "arm" - ], - "dev": true, - "optional": true, - "os": [ - "linux" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/linux-arm64": { - "version": "0.17.19", - "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.17.19.tgz", - "integrity": "sha512-ct1Tg3WGwd3P+oZYqic+YZF4snNl2bsnMKRkb3ozHmnM0dGWuxcPTTntAF6bOP0Sp4x0PjSF+4uHQ1xvxfRKqg==", - "cpu": [ - "arm64" - ], - "dev": true, - "optional": true, - "os": [ - "linux" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/linux-ia32": { - "version": "0.17.19", - "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.17.19.tgz", - "integrity": "sha512-w4IRhSy1VbsNxHRQpeGCHEmibqdTUx61Vc38APcsRbuVgK0OPEnQ0YD39Brymn96mOx48Y2laBQGqgZ0j9w6SQ==", - "cpu": [ - "ia32" - ], - "dev": true, - "optional": true, - "os": [ - "linux" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/linux-loong64": { - "version": "0.17.19", - "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.17.19.tgz", - "integrity": "sha512-2iAngUbBPMq439a+z//gE+9WBldoMp1s5GWsUSgqHLzLJ9WoZLZhpwWuym0u0u/4XmZ3gpHmzV84PonE+9IIdQ==", - "cpu": [ - "loong64" - ], - "dev": true, - "optional": true, - "os": [ - "linux" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/linux-mips64el": { - "version": "0.17.19", - "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.17.19.tgz", - "integrity": "sha512-LKJltc4LVdMKHsrFe4MGNPp0hqDFA1Wpt3jE1gEyM3nKUvOiO//9PheZZHfYRfYl6AwdTH4aTcXSqBerX0ml4A==", - "cpu": [ - "mips64el" - ], - "dev": true, - "optional": true, - "os": [ - "linux" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/linux-ppc64": { - "version": "0.17.19", - "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.17.19.tgz", - "integrity": "sha512-/c/DGybs95WXNS8y3Ti/ytqETiW7EU44MEKuCAcpPto3YjQbyK3IQVKfF6nbghD7EcLUGl0NbiL5Rt5DMhn5tg==", - "cpu": [ - "ppc64" - ], - "dev": true, - "optional": true, - "os": [ - "linux" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/linux-riscv64": { - "version": "0.17.19", - "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.17.19.tgz", - "integrity": "sha512-FC3nUAWhvFoutlhAkgHf8f5HwFWUL6bYdvLc/TTuxKlvLi3+pPzdZiFKSWz/PF30TB1K19SuCxDTI5KcqASJqA==", - "cpu": [ - "riscv64" - ], - "dev": true, - "optional": true, - "os": [ - "linux" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/linux-s390x": { - "version": "0.17.19", - "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.17.19.tgz", - "integrity": "sha512-IbFsFbxMWLuKEbH+7sTkKzL6NJmG2vRyy6K7JJo55w+8xDk7RElYn6xvXtDW8HCfoKBFK69f3pgBJSUSQPr+4Q==", - "cpu": [ - "s390x" - ], - "dev": true, - "optional": true, - "os": [ - "linux" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/linux-x64": { - "version": "0.17.19", - "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.17.19.tgz", - "integrity": "sha512-68ngA9lg2H6zkZcyp22tsVt38mlhWde8l3eJLWkyLrp4HwMUr3c1s/M2t7+kHIhvMjglIBrFpncX1SzMckomGw==", - "cpu": [ - "x64" - ], - "dev": true, - "optional": true, - "os": [ - "linux" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/netbsd-x64": { - "version": "0.17.19", - "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.17.19.tgz", - "integrity": "sha512-CwFq42rXCR8TYIjIfpXCbRX0rp1jo6cPIUPSaWwzbVI4aOfX96OXY8M6KNmtPcg7QjYeDmN+DD0Wp3LaBOLf4Q==", - "cpu": [ - "x64" - ], - "dev": true, - "optional": true, - "os": [ - "netbsd" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/openbsd-x64": { - "version": "0.17.19", - "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.17.19.tgz", - "integrity": "sha512-cnq5brJYrSZ2CF6c35eCmviIN3k3RczmHz8eYaVlNasVqsNY+JKohZU5MKmaOI+KkllCdzOKKdPs762VCPC20g==", - "cpu": [ - "x64" - ], - "dev": true, - "optional": true, - "os": [ - "openbsd" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/sunos-x64": { - "version": "0.17.19", - "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.17.19.tgz", - "integrity": "sha512-vCRT7yP3zX+bKWFeP/zdS6SqdWB8OIpaRq/mbXQxTGHnIxspRtigpkUcDMlSCOejlHowLqII7K2JKevwyRP2rg==", - "cpu": [ - "x64" - ], - "dev": true, - "optional": true, - "os": [ - "sunos" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/win32-arm64": { - "version": "0.17.19", - "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.17.19.tgz", - "integrity": "sha512-yYx+8jwowUstVdorcMdNlzklLYhPxjniHWFKgRqH7IFlUEa0Umu3KuYplf1HUZZ422e3NU9F4LGb+4O0Kdcaag==", - "cpu": [ - "arm64" - ], - "dev": true, - "optional": true, - "os": [ - "win32" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/win32-ia32": { - "version": "0.17.19", - "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.17.19.tgz", - "integrity": "sha512-eggDKanJszUtCdlVs0RB+h35wNlb5v4TWEkq4vZcmVt5u/HiDZrTXe2bWFQUez3RgNHwx/x4sk5++4NSSicKkw==", - "cpu": [ - "ia32" - ], - "dev": true, - "optional": true, - "os": [ - "win32" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/win32-x64": { - "version": "0.17.19", - "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.17.19.tgz", - "integrity": "sha512-lAhycmKnVOuRYNtRtatQR1LPQf2oYCkRGkSFnseDAKPl8lu5SOsK/e1sXe5a0Pc5kHIHe6P2I/ilntNv2xf3cA==", - "cpu": [ - "x64" - ], - "dev": true, - "optional": true, - "os": [ - "win32" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@types/node": { - "version": "20.3.0", - "resolved": "https://registry.npmjs.org/@types/node/-/node-20.3.0.tgz", - "integrity": "sha512-cumHmIAf6On83X7yP+LrsEyUOf/YlociZelmpRYaGFydoaPdxdt80MAbu6vWerQT2COCp2nPvHdsbD7tHn/YlQ==", - "dev": true - }, - "node_modules/buffer-from": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz", - "integrity": "sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ==", - "dev": true - }, - "node_modules/dotenv": { - "version": "16.1.4", - "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-16.1.4.tgz", - "integrity": "sha512-m55RtE8AsPeJBpOIFKihEmqUcoVncQIwo7x9U8ZwLEZw9ZpXboz2c+rvog+jUaJvVrZ5kBOeYQBX5+8Aa/OZQw==", - "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://github.com/motdotla/dotenv?sponsor=1" - } - }, - "node_modules/esbuild": { - "version": "0.17.19", - "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.17.19.tgz", - "integrity": "sha512-XQ0jAPFkK/u3LcVRcvVHQcTIqD6E2H1fvZMA5dQPSOWb3suUbWbfbRf94pjc0bNzRYLfIrDRQXr7X+LHIm5oHw==", - "dev": true, - "hasInstallScript": true, - "bin": { - "esbuild": "bin/esbuild" - }, - "engines": { - "node": ">=12" - }, - "optionalDependencies": { - "@esbuild/android-arm": "0.17.19", - "@esbuild/android-arm64": "0.17.19", - "@esbuild/android-x64": "0.17.19", - "@esbuild/darwin-arm64": "0.17.19", - "@esbuild/darwin-x64": "0.17.19", - "@esbuild/freebsd-arm64": "0.17.19", - "@esbuild/freebsd-x64": "0.17.19", - "@esbuild/linux-arm": "0.17.19", - "@esbuild/linux-arm64": "0.17.19", - "@esbuild/linux-ia32": "0.17.19", - "@esbuild/linux-loong64": "0.17.19", - "@esbuild/linux-mips64el": "0.17.19", - "@esbuild/linux-ppc64": "0.17.19", - "@esbuild/linux-riscv64": "0.17.19", - "@esbuild/linux-s390x": "0.17.19", - "@esbuild/linux-x64": "0.17.19", - "@esbuild/netbsd-x64": "0.17.19", - "@esbuild/openbsd-x64": "0.17.19", - "@esbuild/sunos-x64": "0.17.19", - "@esbuild/win32-arm64": "0.17.19", - "@esbuild/win32-ia32": "0.17.19", - "@esbuild/win32-x64": "0.17.19" - } - }, - "node_modules/fsevents": { - "version": "2.3.2", - "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz", - "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==", - "dev": true, - "hasInstallScript": true, - "optional": true, - "os": [ - "darwin" - ], - "engines": { - "node": "^8.16.0 || ^10.6.0 || >=11.0.0" - } - }, - "node_modules/get-tsconfig": { - "version": "4.6.0", - "resolved": "https://registry.npmjs.org/get-tsconfig/-/get-tsconfig-4.6.0.tgz", - "integrity": "sha512-lgbo68hHTQnFddybKbbs/RDRJnJT5YyGy2kQzVwbq+g67X73i+5MVTval34QxGkOe9X5Ujf1UYpCaphLyltjEg==", - "dev": true, - "dependencies": { - "resolve-pkg-maps": "^1.0.0" - }, - "funding": { - "url": "https://github.com/privatenumber/get-tsconfig?sponsor=1" - } - }, - "node_modules/resolve-pkg-maps": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/resolve-pkg-maps/-/resolve-pkg-maps-1.0.0.tgz", - "integrity": "sha512-seS2Tj26TBVOC2NIc2rOe2y2ZO7efxITtLZcGSOnHHNOQ7CkiUBfw0Iw2ck6xkIhPwLhKNLS8BO+hEpngQlqzw==", - "dev": true, - "funding": { - "url": "https://github.com/privatenumber/resolve-pkg-maps?sponsor=1" - } - }, - "node_modules/source-map": { - "version": "0.6.1", - "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", - "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/source-map-support": { - "version": "0.5.21", - "resolved": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.21.tgz", - "integrity": "sha512-uBHU3L3czsIyYXKX88fdrGovxdSCoTGDRZ6SYXtSRxLZUzHg5P/66Ht6uoUlHu9EZod+inXhKo3qQgwXUT/y1w==", - "dev": true, - "dependencies": { - "buffer-from": "^1.0.0", - "source-map": "^0.6.0" - } - }, - "node_modules/tsx": { - "version": "3.12.7", - "resolved": "https://registry.npmjs.org/tsx/-/tsx-3.12.7.tgz", - "integrity": "sha512-C2Ip+jPmqKd1GWVQDvz/Eyc6QJbGfE7NrR3fx5BpEHMZsEHoIxHL1j+lKdGobr8ovEyqeNkPLSKp6SCSOt7gmw==", - "dev": true, - "dependencies": { - "@esbuild-kit/cjs-loader": "^2.4.2", - "@esbuild-kit/core-utils": "^3.0.0", - "@esbuild-kit/esm-loader": "^2.5.5" - }, - "bin": { - "tsx": "dist/cli.js" - }, - "optionalDependencies": { - "fsevents": "~2.3.2" - } - }, - "node_modules/tweetnacl": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/tweetnacl/-/tweetnacl-1.0.3.tgz", - "integrity": "sha512-6rt+RN7aOi1nGMyC4Xa5DdYiukl2UWCbcJft7YhxReBGQD7OAM8Pbxw6YMo4r2diNEA8FEmu32YOn9rhaiE5yw==" - } - } -} diff --git a/examples/node/package.json b/examples/node/package.json index bdf5d3a..8c6c4e0 100644 --- a/examples/node/package.json +++ b/examples/node/package.json @@ -5,7 +5,7 @@ }, "dependencies": { "dotenv": "latest", - "tweetnacl": "^1.0.3" + "tweetnacl": "latest" }, "devDependencies": { "@types/node": "latest", diff --git a/index.ts b/index.ts index 4e5a5ce..cbd75a1 100644 --- a/index.ts +++ b/index.ts @@ -7,8 +7,9 @@ import type { WebhookRunOptions } from "./bin/cli.js"; import { banner } from "./src/banner.js"; import { toText } from "./src/http.js"; import { ping } from "./src/ping.js"; +import { checkKey } from "./index.js"; -export * from "./src/auth/index.js"; +export * from "./src/auth/ed25519.js"; export * from "./src/schemas.js"; export async function action(options: WebhookRunOptions) { @@ -19,8 +20,10 @@ export async function action(options: WebhookRunOptions) { const queue = new PQueue({ concurrency: 1 }); // all messages are sent in block order, no need to parallelize // Ping URL to check if it's valid - if (!options.disablePing) { - if (!(await ping(options.webhookUrl, options.secretKey, options.expiryTime))) { + const privateKey = options.privateKey; + checkKey(privateKey, "private"); + if (options.disablePing === "false") { + if (!(await ping(options.webhookUrl, privateKey))) { logger.error("exiting from invalid PING response"); process.exit(1); } @@ -60,13 +63,20 @@ export async function action(options: WebhookRunOptions) { // Queue POST queue.add(async () => { - const response = await postWebhook(options.webhookUrl, body, options.secretKey, options.expiryTime); + const response = await postWebhook(options.webhookUrl, body, privateKey, options); logger.info("POST", response, metadata); }); }); emitter.start(); + + // HTTP Server http.listen(options); http.server.on("request", (req, res) => { if (req.url === "/") return toText(res, banner()); }); + + emitter.on("close", () => { + logger.info("stream closed"); + http.server.close(); + }); } diff --git a/package-lock.json b/package-lock.json index e1e57a4..297a396 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,34 +1,35 @@ { "name": "substreams-sink-webhook", - "version": "0.7.5", + "version": "0.8.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "substreams-sink-webhook", - "version": "0.7.5", + "version": "0.8.0", "dependencies": { + "@noble/curves": "^1.3.0", "@substreams/sink-database-changes": "^0.3.2", "@substreams/sink-entity-changes": "^0.3.4", "p-queue": "latest", "substreams-sink": "^0.14.0", - "tweetnacl": "latest", - "zod": "^3.22.4" + "zod": "latest" }, "bin": { "substreams-sink-webhook": "dist/bin/cli.js" }, "devDependencies": { - "@biomejs/biome": "1.3.3", + "@biomejs/biome": "latest", "bun-types": "latest", "mitata": "latest", + "tweetnacl": "latest", "typescript": "latest" } }, "node_modules/@biomejs/biome": { - "version": "1.3.3", - "resolved": "https://registry.npmjs.org/@biomejs/biome/-/biome-1.3.3.tgz", - "integrity": "sha512-vTJn7RBzLWIabUuUIoEopO860YyBrbPEu4Pztfd28jRU5QD074hKZ9IQs24pFO6A2R296gaeYmN62f4u7pUruQ==", + "version": "1.5.3", + "resolved": "https://registry.npmjs.org/@biomejs/biome/-/biome-1.5.3.tgz", + "integrity": "sha512-yvZCa/g3akwTaAQ7PCwPWDCkZs3Qa5ONg/fgOUT9e6wAWsPftCjLQFPXBeGxPK30yZSSpgEmRCfpGTmVbUjGgg==", "dev": true, "hasInstallScript": true, "bin": { @@ -42,18 +43,20 @@ "url": "https://opencollective.com/biome" }, "optionalDependencies": { - "@biomejs/cli-darwin-arm64": "1.3.3", - "@biomejs/cli-darwin-x64": "1.3.3", - "@biomejs/cli-linux-arm64": "1.3.3", - "@biomejs/cli-linux-x64": "1.3.3", - "@biomejs/cli-win32-arm64": "1.3.3", - "@biomejs/cli-win32-x64": "1.3.3" + "@biomejs/cli-darwin-arm64": "1.5.3", + "@biomejs/cli-darwin-x64": "1.5.3", + "@biomejs/cli-linux-arm64": "1.5.3", + "@biomejs/cli-linux-arm64-musl": "1.5.3", + "@biomejs/cli-linux-x64": "1.5.3", + "@biomejs/cli-linux-x64-musl": "1.5.3", + "@biomejs/cli-win32-arm64": "1.5.3", + "@biomejs/cli-win32-x64": "1.5.3" } }, "node_modules/@biomejs/cli-darwin-arm64": { - "version": "1.3.3", - "resolved": "https://registry.npmjs.org/@biomejs/cli-darwin-arm64/-/cli-darwin-arm64-1.3.3.tgz", - "integrity": "sha512-2X87ZfbmWwe4NGukrUvnoYdI//muSgjNUCAHJ2DO+kS1sB7kDy1s6PN/IYyTJuqRcJtDuOnSpaUDE7KxR1YhtA==", + "version": "1.5.3", + "resolved": "https://registry.npmjs.org/@biomejs/cli-darwin-arm64/-/cli-darwin-arm64-1.5.3.tgz", + "integrity": "sha512-ImU7mh1HghEDyqNmxEZBoMPr8SxekkZuYcs+gynKlNW+TALQs7swkERiBLkG9NR0K1B3/2uVzlvYowXrmlW8hw==", "cpu": [ "arm64" ], @@ -67,9 +70,9 @@ } }, "node_modules/@biomejs/cli-darwin-x64": { - "version": "1.3.3", - "resolved": "https://registry.npmjs.org/@biomejs/cli-darwin-x64/-/cli-darwin-x64-1.3.3.tgz", - "integrity": "sha512-t+7DWTCbSgHOBcPsGKuwS1qh1z9zbXFK8i8ktE18yW7iF/W0zI62k44fYqYeFJKlb0Q08aqUvez3L+AQJFsn+w==", + "version": "1.5.3", + "resolved": "https://registry.npmjs.org/@biomejs/cli-darwin-x64/-/cli-darwin-x64-1.5.3.tgz", + "integrity": "sha512-vCdASqYnlpq/swErH7FD6nrFz0czFtK4k/iLgj0/+VmZVjineFPgevOb+Sr9vz0tk0GfdQO60bSpI74zU8M9Dw==", "cpu": [ "x64" ], @@ -83,9 +86,25 @@ } }, "node_modules/@biomejs/cli-linux-arm64": { - "version": "1.3.3", - "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-arm64/-/cli-linux-arm64-1.3.3.tgz", - "integrity": "sha512-D8CvXaB8lkXXBQ6B3n0MXSSZFiE60+aNHorBLimVTtKiMod8QvAP425oQFZFul5wMXZqPLGTKFjXbAi/rvnc1A==", + "version": "1.5.3", + "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-arm64/-/cli-linux-arm64-1.5.3.tgz", + "integrity": "sha512-cupBQv0sNF1OKqBfx7EDWMSsKwRrBUZfjXawT4s6hKV6ALq7p0QzWlxr/sDmbKMLOaLQtw2Qgu/77N9rm+f9Rg==", + "cpu": [ + "arm64" + ], + "dev": true, + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=14.*" + } + }, + "node_modules/@biomejs/cli-linux-arm64-musl": { + "version": "1.5.3", + "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-arm64-musl/-/cli-linux-arm64-musl-1.5.3.tgz", + "integrity": "sha512-DYuMizUYUBYfS0IHGjDrOP1RGipqWfMGEvNEJ398zdtmCKLXaUvTimiox5dvx4X15mBK5M2m8wgWUgOP1giUpQ==", "cpu": [ "arm64" ], @@ -99,9 +118,25 @@ } }, "node_modules/@biomejs/cli-linux-x64": { - "version": "1.3.3", - "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-x64/-/cli-linux-x64-1.3.3.tgz", - "integrity": "sha512-bqB05fwJnRZwRlcm/BS/s4qPickqiXZkiU/nOYvHApfsPeqgSHgv5HWoBYuSUjgqBbX3XZJArsC5dCcVW7vAJw==", + "version": "1.5.3", + "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-x64/-/cli-linux-x64-1.5.3.tgz", + "integrity": "sha512-YQrSArQvcv4FYsk7Q91Yv4uuu5F8hJyORVcv3zsjCLGkjIjx2RhjYLpTL733SNL7v33GmOlZY0eFR1ko38tuUw==", + "cpu": [ + "x64" + ], + "dev": true, + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=14.*" + } + }, + "node_modules/@biomejs/cli-linux-x64-musl": { + "version": "1.5.3", + "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-x64-musl/-/cli-linux-x64-musl-1.5.3.tgz", + "integrity": "sha512-UUHiAnlDqr2Y/LpvshBFhUYMWkl2/Jn+bi3U6jKuav0qWbbBKU/ByHgR4+NBxpKBYoCtWxhnmatfH1bpPIuZMw==", "cpu": [ "x64" ], @@ -115,9 +150,9 @@ } }, "node_modules/@biomejs/cli-win32-arm64": { - "version": "1.3.3", - "resolved": "https://registry.npmjs.org/@biomejs/cli-win32-arm64/-/cli-win32-arm64-1.3.3.tgz", - "integrity": "sha512-muFOjAv1ONMfaJDlo4Ds+Qb9lkdSLM2XaxOe3AJPejSq3Vi0aRr51ZnE02BofMnL2sVsOA9cO54wibsuTcopbw==", + "version": "1.5.3", + "resolved": "https://registry.npmjs.org/@biomejs/cli-win32-arm64/-/cli-win32-arm64-1.5.3.tgz", + "integrity": "sha512-HxatYH7vf/kX9nrD+pDYuV2GI9GV8EFo6cfKkahAecTuZLPxryHx1WEfJthp5eNsE0+09STGkKIKjirP0ufaZA==", "cpu": [ "arm64" ], @@ -131,9 +166,9 @@ } }, "node_modules/@biomejs/cli-win32-x64": { - "version": "1.3.3", - "resolved": "https://registry.npmjs.org/@biomejs/cli-win32-x64/-/cli-win32-x64-1.3.3.tgz", - "integrity": "sha512-PMkMhS4smmmTMflxuZUx3REFSazEL9xsGscvZO1dKWI4ET23la+KxEM4TlSpjOyO66UerqSkuUlZecn0QhD63A==", + "version": "1.5.3", + "resolved": "https://registry.npmjs.org/@biomejs/cli-win32-x64/-/cli-win32-x64-1.5.3.tgz", + "integrity": "sha512-fMvbSouZEASU7mZH8SIJSANDm5OqsjgtVXlbUqxwed6BP7uuHRSs396Aqwh2+VoW8fwTpp6ybIUoC9FrzB0kyA==", "cpu": [ "x64" ], @@ -320,10 +355,40 @@ "node": ">=14" } }, + "node_modules/@noble/curves": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/@noble/curves/-/curves-1.3.0.tgz", + "integrity": "sha512-t01iSXPuN+Eqzb4eBX0S5oubSqXbK/xXa1Ne18Hj8f9pStxztHCE2gfboSp/dZRLSqfuLpRK2nDXDK+W9puocA==", + "dependencies": { + "@noble/hashes": "1.3.3" + }, + "funding": { + "url": "https://paulmillr.com/funding/" + } + }, + "node_modules/@noble/hashes": { + "version": "1.3.3", + "resolved": "https://registry.npmjs.org/@noble/hashes/-/hashes-1.3.3.tgz", + "integrity": "sha512-V7/fPHgl+jsVPXqqeOzT8egNj2iBIVt+ECeMMG8TdcnTikP3oaBtUVqpT/gYCR68aEBJSF+XbYUxStjbFMqIIA==", + "engines": { + "node": ">= 16" + }, + "funding": { + "url": "https://paulmillr.com/funding/" + } + }, + "node_modules/@opentelemetry/api": { + "version": "1.7.0", + "resolved": "https://registry.npmjs.org/@opentelemetry/api/-/api-1.7.0.tgz", + "integrity": "sha512-AdY5wvN0P2vXBi3b29hxZgSFvdhdxPB9+f0B6s//P9Q8nibRWeA3cHm8UmLpio9ABigkVHJ5NMPk+Mz8VCCyrw==", + "engines": { + "node": ">=8.0.0" + } + }, "node_modules/@sinclair/typebox": { - "version": "0.31.28", - "resolved": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.31.28.tgz", - "integrity": "sha512-/s55Jujywdw/Jpan+vsy6JZs1z2ZTGxTmbZTPiuSL2wz9mfzA2gN1zzaqmvfi4pq+uOt7Du85fkiwv5ymW84aQ==" + "version": "0.32.14", + "resolved": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.32.14.tgz", + "integrity": "sha512-EC77Mw8huT2z9YlYbWfpIQgN6shZE1tH4NP4/Trig8UBel9FZNMZRJ42ubJI8PLor2uIU+waLml1dce5ReCOPg==" }, "node_modules/@substreams/core": { "version": "0.15.1", @@ -385,34 +450,56 @@ "zod": "latest" } }, + "node_modules/@types/node": { + "version": "20.11.17", + "resolved": "https://registry.npmjs.org/@types/node/-/node-20.11.17.tgz", + "integrity": "sha512-QmgQZGWu1Yw9TDyAP9ZzpFJKynYNeOvwMJmaxABfieQoVoiVOS6MN1WSpqpRcbeA5+RW82kraAVxCCJg+780Qw==", + "dev": true, + "dependencies": { + "undici-types": "~5.26.4" + } + }, + "node_modules/@types/ws": { + "version": "8.5.10", + "resolved": "https://registry.npmjs.org/@types/ws/-/ws-8.5.10.tgz", + "integrity": "sha512-vmQSUcfalpIq0R9q7uTo2lXs6eGIpt9wtnLdMv9LVpIjCA/+ufZRozlVoVelIYixx1ugCBKDhn89vnsEGOCx9A==", + "dev": true, + "dependencies": { + "@types/node": "*" + } + }, "node_modules/bintrees": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/bintrees/-/bintrees-1.0.2.tgz", "integrity": "sha512-VOMgTMwjAaUG580SXn3LacVgjurrbMme7ZZNYGSSV7mmtY6QQRh0Eg3pwIcntQ77DErK1L0NxkbetjcoXzVwKw==" }, "node_modules/bun-types": { - "version": "0.8.1", - "resolved": "https://registry.npmjs.org/bun-types/-/bun-types-0.8.1.tgz", - "integrity": "sha512-VuCBox66P/3a8gVOffLCWIS6vdpXq4y3eJuF3VnsyC5HpykmIjkcr5wYDn22qQdeTUmOfCcBy1SZmtrZCeUr3A==", - "dev": true + "version": "1.0.26", + "resolved": "https://registry.npmjs.org/bun-types/-/bun-types-1.0.26.tgz", + "integrity": "sha512-VcSj+SCaWIcMb0uSGIAtr8P92zq9q+unavcQmx27fk6HulCthXHBVrdGuXxAZbFtv7bHVjizRzR2mk9r/U8Nkg==", + "dev": true, + "dependencies": { + "@types/node": "~20.11.3", + "@types/ws": "~8.5.10" + } }, "node_modules/commander": { - "version": "11.0.0", - "resolved": "https://registry.npmjs.org/commander/-/commander-11.0.0.tgz", - "integrity": "sha512-9HMlXtt/BNoYr8ooyjjNRdIilOTkVJXB+GhxMTtOKwk0R4j4lS4NpjuqmRxroBfnfTSHQIHQB7wryHhXarNjmQ==", + "version": "12.0.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-12.0.0.tgz", + "integrity": "sha512-MwVNWlYjDTtOjX5PiD7o5pK0UrFU/OYgcJfjjK4RaHZETNtjJqrZa9Y9ds88+A+f+d5lv+561eZ+yCKoS3gbAA==", "engines": { - "node": ">=16" + "node": ">=18" } }, "node_modules/dotenv": { - "version": "16.3.1", - "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-16.3.1.tgz", - "integrity": "sha512-IPzF4w4/Rd94bA9imS68tZBaYyBWSCE47V1RGuMrB94iyTOIEwRmVL2x/4An+6mETpLrKJ5hQkB8W4kFAadeIQ==", + "version": "16.4.3", + "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-16.4.3.tgz", + "integrity": "sha512-II98GFrje5psQTSve0E7bnwMFybNLqT8Vu8JIFWRjsE3khyNUm/loZupuy5DVzG2IXf/ysxvrixYOQnM6mjD3A==", "engines": { "node": ">=12" }, "funding": { - "url": "https://github.com/motdotla/dotenv?sponsor=1" + "url": "https://dotenvx.com" } }, "node_modules/effect": { @@ -449,46 +536,47 @@ } }, "node_modules/mitata": { - "version": "0.1.6", - "resolved": "https://registry.npmjs.org/mitata/-/mitata-0.1.6.tgz", - "integrity": "sha512-VKQ0r3jriTOU9E2Z+mwbZrUmbg4Li4QyFfi7kfHKl6reZhGzL0AYlu3wE0VPXzIwA5xnFzmEQoBwCcNT8stUkA==", + "version": "0.1.9", + "resolved": "https://registry.npmjs.org/mitata/-/mitata-0.1.9.tgz", + "integrity": "sha512-/Nr2NeYkCh9r5GHV8YZ5pZHlIhKx04O4TH2M9Ydk2yQeJnpgtBl20HJQDY34TUq4ozL1MNHajZGjLJm7K5U2Gg==", "dev": true }, "node_modules/p-queue": { - "version": "7.4.0", - "resolved": "https://registry.npmjs.org/p-queue/-/p-queue-7.4.0.tgz", - "integrity": "sha512-1FYFpop2WjLUfhSpKb0pi01JL+Z+H0Z8F2XPn2g04WxGynU/X8mx8s/66fb7jZ39pS2ZliAWCX97EoTSIdMmtw==", + "version": "8.0.1", + "resolved": "https://registry.npmjs.org/p-queue/-/p-queue-8.0.1.tgz", + "integrity": "sha512-NXzu9aQJTAzbBqOt2hwsR63ea7yvxJc0PwN/zobNAudYfb1B7R08SzB4TsLeSbUCuG467NhnoT0oO6w1qRO+BA==", "dependencies": { "eventemitter3": "^5.0.1", - "p-timeout": "^5.0.2" + "p-timeout": "^6.1.2" }, "engines": { - "node": ">=12" + "node": ">=18" }, "funding": { "url": "https://github.com/sponsors/sindresorhus" } }, "node_modules/p-timeout": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/p-timeout/-/p-timeout-5.1.0.tgz", - "integrity": "sha512-auFDyzzzGZZZdHz3BtET9VEz0SE/uMEAx7uWfGPucfzEwwe/xH0iVeZibQmANYE/hp9T2+UUZT5m+BKyrDp3Ew==", + "version": "6.1.2", + "resolved": "https://registry.npmjs.org/p-timeout/-/p-timeout-6.1.2.tgz", + "integrity": "sha512-UbD77BuZ9Bc9aABo74gfXhNvzC9Tx7SxtHSh1fxvx3jTLLYvmVhiQZZrJzqqU0jKbN32kb5VOKiLEQI/3bIjgQ==", "engines": { - "node": ">=12" + "node": ">=14.16" }, "funding": { "url": "https://github.com/sponsors/sindresorhus" } }, "node_modules/prom-client": { - "version": "14.2.0", - "resolved": "https://registry.npmjs.org/prom-client/-/prom-client-14.2.0.tgz", - "integrity": "sha512-sF308EhTenb/pDRPakm+WgiN+VdM/T1RaHj1x+MvAuT8UiQP8JmOEbxVqtkbfR4LrvOg5n7ic01kRBDGXjYikA==", + "version": "15.1.0", + "resolved": "https://registry.npmjs.org/prom-client/-/prom-client-15.1.0.tgz", + "integrity": "sha512-cCD7jLTqyPdjEPBo/Xk4Iu8jxjuZgZJ3e/oET3L+ZwOuap/7Cw3dH/TJSsZKs1TQLZ2IHpIlRAKw82ef06kmMw==", "dependencies": { + "@opentelemetry/api": "^1.4.0", "tdigest": "^0.1.1" }, "engines": { - "node": ">=10" + "node": "^16 || ^18 || >=20" } }, "node_modules/pure-rand": { @@ -546,12 +634,13 @@ "node_modules/tweetnacl": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/tweetnacl/-/tweetnacl-1.0.3.tgz", - "integrity": "sha512-6rt+RN7aOi1nGMyC4Xa5DdYiukl2UWCbcJft7YhxReBGQD7OAM8Pbxw6YMo4r2diNEA8FEmu32YOn9rhaiE5yw==" + "integrity": "sha512-6rt+RN7aOi1nGMyC4Xa5DdYiukl2UWCbcJft7YhxReBGQD7OAM8Pbxw6YMo4r2diNEA8FEmu32YOn9rhaiE5yw==", + "dev": true }, "node_modules/typescript": { - "version": "5.2.2", - "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.2.2.tgz", - "integrity": "sha512-mI4WrpHsbCIcwT9cF4FZvr80QUeKvsUsUvKDoR+X/7XHQH98xYD8YHZg7ANtz2GtZt/CBq2QJ0thkGJMHfqc1w==", + "version": "5.3.3", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.3.3.tgz", + "integrity": "sha512-pXWcraxM0uxAS+tN0AG/BF2TyqmHO014Z070UsJ+pFvYuRSq8KH8DmWpnbXe0pEPDHXZV3FcAbJkijJ5oNEnWw==", "dev": true, "bin": { "tsc": "bin/tsc", @@ -572,6 +661,12 @@ "node": ">=14.0" } }, + "node_modules/undici-types": { + "version": "5.26.5", + "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-5.26.5.tgz", + "integrity": "sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA==", + "dev": true + }, "node_modules/yaml": { "version": "2.3.4", "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.3.4.tgz", diff --git a/package.json b/package.json index 37029c5..6834e28 100644 --- a/package.json +++ b/package.json @@ -31,22 +31,24 @@ "start": "tsc && node ./dist/bin/cli.js run", "pretest": "tsc --noEmit", "test": "bun test", + "posttest": "bunx @biomejs/biome check .", "prepublishOnly": "tsc", - "build": "bun build --compile ./index.ts --outfile substreams-sink-webhook", + "format": "bunx @biomejs/biome format --write ./", "bench": "bun ./src/**/*.bench.ts" }, "dependencies": { + "@noble/curves": "^1.3.0", "@substreams/sink-database-changes": "^0.3.2", "@substreams/sink-entity-changes": "^0.3.4", "p-queue": "latest", "substreams-sink": "^0.14.0", - "tweetnacl": "latest", - "zod": "^3.22.4" + "zod": "latest" }, "devDependencies": { - "@biomejs/biome": "1.3.3", + "@biomejs/biome": "latest", "bun-types": "latest", "mitata": "latest", + "tweetnacl": "latest", "typescript": "latest" } } diff --git a/src/auth/cached.ts b/src/auth/cached.ts deleted file mode 100644 index 9590b29..0000000 --- a/src/auth/cached.ts +++ /dev/null @@ -1,56 +0,0 @@ -import { sign, verify } from "./ed25519.js"; - -// Keep in memory the latest generated signature for every secret key. -// We do not regenerate them if they are still valid. -const latestSignatures = new Map>(); - -export function cachedSign(...args: Parameters): ReturnType { - const [secretKey, durationInSecs] = args; - - // Do not recalculate a signature it the latest one expires in less than 40% of the expiryTime - let latestSignature = latestSignatures.get(secretKey); - if (!latestSignature || generatedSignatureIsExpired(latestSignature.expirationTime, durationInSecs)) { - latestSignature = sign(...args); - latestSignatures.set(secretKey, latestSignature); - } - - return latestSignature; -} - -function generatedSignatureIsExpired(expirationTime: number, signatureDurationInSecs: number) { - return expirationTime - new Date().getTime() <= 0.4 * signatureDurationInSecs * 1000; -} - -// Keep in memory which signatures are currently valid, and at what time they become invalid. -// This allows to skip the ed25519 validation process each time and only compare the expiration time. -const validSignatures = new Map(); - -export function cachedVerify(...args: Parameters): ReturnType { - const [signature, expiry] = args; - - // Quick return if the signature is already known - const cachedSignatureExpiry = validSignatures.get(signature); - if (cachedSignatureExpiry !== undefined) { - if (receivedSignatureIsExpired(cachedSignatureExpiry)) { - return new Error("signature is expired"); - } - - return true; - } - - // Cleanup expired values from cache - for (const [signature, expiry] of validSignatures) { - if (receivedSignatureIsExpired(expiry)) { - validSignatures.delete(signature); - } - } - - // If it is a new signature, process it normally - const result = verify(...args); - validSignatures.set(signature, expiry); - return result; -} - -function receivedSignatureIsExpired(expirationTime: number): boolean { - return new Date().getTime() >= expirationTime; -} diff --git a/src/auth/ed25519.bench.ts b/src/auth/ed25519.bench.ts index ce4a036..8b5033b 100644 --- a/src/auth/ed25519.bench.ts +++ b/src/auth/ed25519.bench.ts @@ -1,20 +1,20 @@ +import { ed25519 } from "@noble/curves/ed25519.js"; import { bench, group, run } from "mitata"; -import { cachedSign, cachedVerify } from "./cached.js"; -import { sign, verify } from "./ed25519.js"; +import nacl from "tweetnacl"; -const secretKey = - "3faae992336ea6599fbee55bb2605f1a1297c7288b860725cdfc8794413559dba3cb7366ee8ca77225b4d41772e270e4e831d171d1de71d91707c42e7ba82cc9"; +const secretKey = "3faae992336ea6599fbee55bb2605f1a1297c7288b860725cdfc8794413559db"; const publicKey = "a3cb7366ee8ca77225b4d41772e270e4e831d171d1de71d91707c42e7ba82cc9"; -const { signature, expirationTime } = sign(secretKey, 60); +const body = "hello world"; +const signature = "fb8b513516baa2ded8cc1d9745560b60843798a35fe6d7fc99bfcf61845f44ded8e31a175cea1abe649c9663e7f1e98f8cde3a9a53dae4158a69d3b86a753c04"; group("sign", () => { - bench("sign - cache disabled", () => sign(secretKey, 60)); - bench("sign - cache enabled", () => cachedSign(secretKey, 60)); + bench("tweetnacl", () => nacl.sign.detached(Buffer.from(body), Buffer.from(secretKey + publicKey, "hex"))); + bench("@noble/curves", () => ed25519.sign(Buffer.from(body), secretKey)); }); group("verify", () => { - bench("verify - cache disabled", () => verify(signature, expirationTime, publicKey)); - bench("verify - cache enabled", () => cachedVerify(signature, expirationTime, publicKey)); + bench("tweetnacl", () => nacl.sign.detached.verify(Buffer.from(body), Buffer.from(signature, "hex"), Buffer.from(publicKey, "hex"))); + bench("@noble/curves", () => ed25519.verify(signature, Buffer.from(body), publicKey)); }); await run({ avg: true, json: false, colors: true, min_max: true, collect: false, percentiles: false }); diff --git a/src/auth/ed25519.spec.ts b/src/auth/ed25519.spec.ts new file mode 100644 index 0000000..f32ff10 --- /dev/null +++ b/src/auth/ed25519.spec.ts @@ -0,0 +1,56 @@ +import { describe, expect, test } from "bun:test"; +import * as auth from "./ed25519.js"; + +const privateKey = "3faae992336ea6599fbee55bb2605f1a1297c7288b860725cdfc8794413559db"; +const publicKey = "a3cb7366ee8ca77225b4d41772e270e4e831d171d1de71d91707c42e7ba82cc9"; +const body = `{"status":200,"cursor":"OJGbpO9ZnZcwvxW38_FO8KWwLpcyA1lrUQPgKRFL04Py8yCW35v1VTB1O0-Elami3RztQlOp2tmcHC9y9ZQFuoDrxLpj6yU-FXorwoHr_OfqLPumMQwTJ-hgWeuKYNLeWDjTagn4ersEtNGzbvLaY0UxZZUhK2G62z1VptdXJfEWuiJmyjmrIZrRhK-WoNAS_rEkQ7L1xCmhDzJ4K0dTPcSDNPKZuDR2","session":{"traceId":"3cbb0a1c772a47a72995d95f4c6d2cff","resolvedStartBlock":53448515},"clock":{"timestamp":"2024-02-12T22:23:51.000Z","number":53448530,"id":"f843bc26cea0cbd50b09699546a8a97de6a1727646c17a857c5d8d868fc26142"},"manifest":{"substreamsEndpoint":"https://polygon.substreams.pinax.network:443","chain":"polygon","finalBlockOnly":"false","moduleName":"map_blocks","type":"sf.substreams.v1.Clock","moduleHash":"44c506941d5f30db6cca01692624395d1ac40cd1"},"data":{"id":"f843bc26cea0cbd50b09699546a8a97de6a1727646c17a857c5d8d868fc26142","number":"53448530","timestamp":"2024-02-12T22:23:51Z"}}`; +const signature = "8f01c66ccda5b987c43d913290419572ea586dbef2077fa166c4a84797e1d2c76b305bc67ed43efb1fc841562620a61cb59c4d8a13de689a2e98ead19190f80c"; +const timestamp = 1707776632; + +describe("sign", () => { + test("sign", () => { + const signature = auth.sign(timestamp, body, privateKey); + expect(signature).toBe(signature); + }); + + test("error - missing body", () => { + expect(() => auth.sign(timestamp, "", privateKey)).toThrow("missing body"); + }); + + test("error - invalid private key length", () => { + expect(() => auth.sign(timestamp, body, "")).toThrow("invalid private key length"); + }); + + test("error - invalid timestamp", () => { + expect(() => auth.sign(0, body, privateKey)).toThrow("invalid timestamp"); + expect(() => auth.sign(Number("abc"), body, privateKey)).toThrow("invalid timestamp"); + }); +}); + +describe("verify", () => { + test("verify", () => { + expect(auth.verify(timestamp, body, signature, publicKey)).toBeTrue(); + }); + + test("error - invalid signature", () => { + const invalidPublicKey = "36657c7498f2ff2e9a520dcfbdad4e7c1e5354a75623165e28f6577a45a9eec3"; + expect(() => auth.verify(timestamp, body, signature, invalidPublicKey)).toThrow("invalid signature"); + }); + + test("error - missing body", () => { + expect(() => auth.verify(timestamp, "", signature, publicKey)).toThrow("missing body"); + }); + + test("error - invalid signature length", () => { + expect(() => auth.verify(timestamp, body, "foobar", publicKey)).toThrow("invalid signature length"); + }); + + test("error - invalid timestamp", () => { + expect(() => auth.verify(0, body, signature, publicKey)).toThrow("invalid timestamp"); + expect(() => auth.verify(Number("abc"), body, signature, publicKey)).toThrow("invalid timestamp"); + }); + + test("error - invalid public key length", () => { + expect(() => auth.verify(timestamp, body, signature, "foobar")).toThrow("invalid public key length"); + }); +}); diff --git a/src/auth/ed25519.ts b/src/auth/ed25519.ts index 61a2929..c0a4020 100644 --- a/src/auth/ed25519.ts +++ b/src/auth/ed25519.ts @@ -1,38 +1,67 @@ -import nacl from "tweetnacl"; +import { Hex } from "@noble/curves/abstract/utils"; +import { ed25519 } from "@noble/curves/ed25519"; -export function sign(secretKey: string, durationInSecs: number) { - const publicKey = secretKey.substring(nacl.sign.secretKeyLength); - const expirationTime = new Date().getTime() + durationInSecs * 1000; +export function createTimestamp() { + return Math.floor(Date.now() / 1000); +} - const payload = JSON.stringify({ exp: expirationTime, id: publicKey }); - const signedBuffer = nacl.sign.detached(Buffer.from(payload), Buffer.from(secretKey, "hex")); +export function createMessage(timestamp: number, body: Hex): Hex { + return Buffer.from(`${timestamp}${body}`); +} - return { signature: Buffer.from(signedBuffer).toString("hex"), expirationTime, publicKey }; +export function checkKey(key: Hex, type: "public" | "private") { + const length = typeof key === "string" ? 64 : 32; + if (key.length !== length) { + throw Error(`invalid ${type} key length`); + } } -export function verify(signature: string, expiry: number, publicKey: string): Error | true { - if (new Date().getTime() >= expiry) { - return new Error("signature has expired"); +export function checkSignature(signature: Hex) { + const length = typeof signature === "string" ? 128 : 64; + if (signature.length !== length) { + throw Error("invalid signature length"); } +} - const payload = JSON.stringify({ exp: expiry, id: publicKey }); - const isVerified = nacl.sign.detached.verify( - Buffer.from(payload), - Buffer.from(signature, "hex"), - Buffer.from(publicKey, "hex"), - ); +export function checkMessage(timestamp: number, body: string) { + if (!body) { + throw Error("missing body"); + } + if (!(timestamp > 0)) { + throw Error("invalid timestamp"); + } +} + +export function toHex(arrayBuffer: Uint8Array) { + return Buffer.from(arrayBuffer).toString("hex"); +} + +export function sign(timestamp: number, body: string, privateKey: Hex) { + checkKey(privateKey, "private"); + checkMessage(timestamp, body); + const message = createMessage(timestamp, body); + const signedBuffer = ed25519.sign(message, privateKey); + return Buffer.from(signedBuffer).toString("hex"); +} + +export function verify(timestamp: number, body: string, signature: Hex, publicKey: Hex): true { + checkKey(publicKey, "public"); + checkMessage(timestamp, body); + checkSignature(signature); + const message = createMessage(timestamp, body); + const isVerified = ed25519.verify(signature, message, publicKey); if (!isVerified) { - return new Error("invalid signature"); + throw Error("invalid signature"); } - return true; } export function keyPair() { - const { secretKey, publicKey } = nacl.sign.keyPair(); + const privateKey = ed25519.utils.randomPrivateKey(); + const publicKey = ed25519.getPublicKey(privateKey); return { - secretKey: Buffer.from(secretKey).toString("hex"), + privateKey: Buffer.from(privateKey).toString("hex"), publicKey: Buffer.from(publicKey).toString("hex"), }; } diff --git a/src/auth/index.ts b/src/auth/index.ts deleted file mode 100644 index 413f94f..0000000 --- a/src/auth/index.ts +++ /dev/null @@ -1,2 +0,0 @@ -export * from "./cached.js"; -export * from "./ed25519.js"; diff --git a/src/auth/sign.test.ts b/src/auth/sign.test.ts deleted file mode 100644 index 9930467..0000000 --- a/src/auth/sign.test.ts +++ /dev/null @@ -1,43 +0,0 @@ -import { beforeEach, expect, setSystemTime, spyOn, test } from "bun:test"; -import { cachedSign } from "./cached.js"; -import * as auth from "./ed25519.js"; - -const secretKey = - "3faae992336ea6599fbee55bb2605f1a1297c7288b860725cdfc8794413559dba3cb7366ee8ca77225b4d41772e270e4e831d171d1de71d91707c42e7ba82cc9"; - -beforeEach(() => { - setSystemTime(); -}); - -// This test will be invalid from January 1, 2050 -test("sign", () => { - const expectedSignature = - "d26299022b13c25e4889191cdb6f4ab8fa30a524bca44b1742bedeeabb145ca99790ba09467f1365f870aee1236ec8682cdc3690eda4c8266cff512447d7270b"; - - // Make the token expire in 2050 by modifying the current time - setSystemTime(new Date(2050, 0, 1)); - const { signature, expirationTime, publicKey } = auth.sign(secretKey, 0); - setSystemTime(); - - expect(signature).toBe(expectedSignature); - expect(auth.verify(signature, expirationTime, publicKey)).toBeTrue(); -}); - -test("sign cache", () => { - setSystemTime(new Date("2000-01-01T00:00:00.000Z")); - - const refreshSignatureSpy = spyOn(auth, "sign"); - - cachedSign(secretKey, 60); - expect(refreshSignatureSpy).toHaveBeenCalledTimes(1); - - // Requesting the signature in the first 60% of the time window will not regenerate it (0.6*60s = 36s) - setSystemTime(new Date("2000-01-01T00:00:35.000Z")); - cachedSign(secretKey, 60); - expect(refreshSignatureSpy).toHaveBeenCalledTimes(1); - - // Requesting the signature after the first 60% of the time window will regenerate it - setSystemTime(new Date("2000-01-01T00:00:36.000Z")); - cachedSign(secretKey, 60); - expect(refreshSignatureSpy).toHaveBeenCalledTimes(2); -}); diff --git a/src/auth/verify.test.ts b/src/auth/verify.test.ts deleted file mode 100644 index 767bf42..0000000 --- a/src/auth/verify.test.ts +++ /dev/null @@ -1,58 +0,0 @@ -import { expect, setSystemTime, spyOn, test } from "bun:test"; -import { cachedVerify } from "./cached.js"; -import * as auth from "./ed25519.js"; - -const secretKey = - "3faae992336ea6599fbee55bb2605f1a1297c7288b860725cdfc8794413559dba3cb7366ee8ca77225b4d41772e270e4e831d171d1de71d91707c42e7ba82cc9"; -const publicKey = "a3cb7366ee8ca77225b4d41772e270e4e831d171d1de71d91707c42e7ba82cc9"; - -// This test will be invalid from January 1, 2050 -test("verify", () => { - const invalidPublicKey = "36657c7498f2ff2e9a520dcfbdad4e7c1e5354a75623165e28f6577a45a9eec3"; - - const expiry = new Date(2050, 0, 1); - const expired = new Date(2000, 0, 1); - - const tests = [ - { key: publicKey, expiry: expiry, expected: true }, - { key: publicKey, expiry: expired, expected: "signature has expired" }, - { key: invalidPublicKey, expiry: expiry, expected: "invalid signature" }, - { key: invalidPublicKey, expiry: expired, expected: "signature has expired" }, - ]; - - for (const test of tests) { - setSystemTime(test.expiry); - const { signature } = auth.sign(secretKey, 0); - - setSystemTime(); - if (typeof test.expected === "boolean") { - expect(auth.verify(signature, test.expiry.getTime(), test.key)).toBe(test.expected); - } else { - expect(() => auth.verify(signature, test.expiry.getTime(), test.key)).toThrow(test.expected); - } - } -}); - -test("verify cache", () => { - setSystemTime(new Date("2000-01-01T00:00:00.000Z")); - - const { signature, expirationTime, publicKey } = auth.sign(secretKey, 60); - const verifyMessageSpy = spyOn(auth, "verify"); - - expect(cachedVerify(signature, expirationTime, publicKey)).toBeTrue(); - expect(verifyMessageSpy).toHaveBeenCalledTimes(1); - - // This signature is already known, we do not need to revalidate it - expect(cachedVerify(signature, expirationTime, publicKey)).toBeTrue(); - expect(verifyMessageSpy).toHaveBeenCalledTimes(1); - - // This signature expires in 1s, but it is still valid. We do not need to revalide it. - setSystemTime(new Date("2000-01-01T00:00:59.000Z")); - expect(cachedVerify(signature, expirationTime, publicKey)).toBeTrue(); - expect(verifyMessageSpy).toHaveBeenCalledTimes(1); - - // This signature is expired, it should be removed from the cache. - setSystemTime(new Date("2000-01-01T00:01:00.000Z")); - expect(cachedVerify(signature, expirationTime, publicKey)).toBeInstanceOf(Error); - expect(verifyMessageSpy).toHaveBeenCalledTimes(1); -}); diff --git a/src/ping.ts b/src/ping.ts index 57aee4f..b2573d7 100644 --- a/src/ping.ts +++ b/src/ping.ts @@ -1,20 +1,21 @@ +import { Hex } from "@noble/curves/abstract/utils"; import { keyPair } from "./auth/ed25519.js"; import { postWebhook } from "./postWebhook.js"; -export async function ping(url: string, secretKey: string, expiryTime: number) { +export async function ping(url: string, privateKey: Hex) { const body = JSON.stringify({ message: "PING" }); - const invalidSecretKey = keyPair().secretKey; + const invalidprivateKey = keyPair().privateKey; // send valid signature (must respond with 200) try { - await postWebhook(url, body, secretKey, expiryTime, { maximumAttempts: 0 }); + await postWebhook(url, body, privateKey, { maximumAttempts: 0 }); } catch (_e) { return false; } // send invalid signature (must NOT respond with 200) try { - await postWebhook(url, body, invalidSecretKey, expiryTime, { maximumAttempts: 0 }); + await postWebhook(url, body, invalidprivateKey, { maximumAttempts: 0 }); return false; } catch (_e) { return true; diff --git a/src/postWebhook.ts b/src/postWebhook.ts index 8db959d..9bb19e0 100644 --- a/src/postWebhook.ts +++ b/src/postWebhook.ts @@ -1,5 +1,6 @@ +import { Hex } from "@noble/curves/abstract/utils"; import { logger } from "substreams-sink"; -import { cachedSign } from "./auth/cached.js"; +import { createTimestamp, sign } from "./auth/ed25519.js"; function awaitSetTimeout(ms: number) { return new Promise((resolve) => setTimeout(resolve, ms)); @@ -7,20 +8,16 @@ function awaitSetTimeout(ms: number) { interface PostWebhookOptions { maximumAttempts?: number; + disableSignature?: string; } -export async function postWebhook( - url: string, - body: string, - secretKey: string, - expiryTime: number, - options: PostWebhookOptions = {}, -) { +export async function postWebhook(url: string, body: string, secretKey: Hex, options: PostWebhookOptions = {}) { // Retry Policy const initialInterval = 1000; // 1s const maximumAttempts = options.maximumAttempts ?? 100 * initialInterval; const maximumInterval = 100 * initialInterval; const backoffCoefficient = 2; + const disableSignature = options.disableSignature === "true"; let attempts = 0; while (true) { @@ -42,7 +39,8 @@ export async function postWebhook( } try { - const { signature, expirationTime, publicKey } = cachedSign(secretKey, expiryTime); + const timestamp = createTimestamp(); + const signature = disableSignature ? "" : sign(timestamp, body, secretKey); const response = await fetch(url, { body, @@ -50,8 +48,7 @@ export async function postWebhook( headers: { "content-type": "application/json", "x-signature-ed25519": signature, - "x-signature-ed25519-expiry": expirationTime.toString(), - "x-signature-ed25519-public-key": publicKey, + "x-signature-timestamp": String(timestamp), }, }); diff --git a/tsconfig.json b/tsconfig.json index 3b24b14..5f6214c 100644 --- a/tsconfig.json +++ b/tsconfig.json @@ -17,7 +17,6 @@ }, "include": [ "index.ts", - "bin/cli.ts", - "src/**/*" + "bin/cli.ts" ] } \ No newline at end of file