blockfrost / blockfrost-js

Node.js SDK for the Blockfrost.io API.
https://blockfrost.io
Apache License 2.0
103 stars 25 forks source link

feat: typed return value in verifyWebhookSignature #284

Closed slowbackspace closed 11 months ago

slowbackspace commented 1 year ago

close https://github.com/blockfrost/blockfrost-js/issues/227

Intro

Accessing the webhook payload's is cumber-stone as it is not properly typed. This PR introduces changes to verifyWebhookSignature which now returns strongly typed webhook event payload.

Additionally, webhookPayload parameter now accepts both string and object types, eliminating the need to manually convert the payload to a string.

Usage

Before

 try {
    verifyWebhookSignature(
      JSON.stringify(request.body), // Stringified request.body (Note: In AWS Lambda you don't need to call JSON.stringify as event.body is already stringified)
      signatureHeader,
      SECRET_AUTH_TOKEN,
      600 // Optional param to customize maximum allowed age of the webhook event, defaults to 600s
    );
  } catch (error) {
    // In case of invalid signature verifyWebhookSignature will throw SignatureVerificationError
    // for easier debugging you can access passed signatureHeader and webhookPayload values (error.detail.signatureHeader, error.detail.webhookPayload)
    console.error(error);
    return response.status(400).send("Signature is not valid!");
}

// Signature is valid, process the non-types event
console.log(request.body.payload) // untyped, typescript will fail without type guards

After

 try {
    const event = verifyWebhookSignature(
      JSON.stringify(request.body), // Stringified request.body (Note: In AWS Lambda you don't need to call JSON.stringify as event.body is already stringified)
      signatureHeader,
      SECRET_AUTH_TOKEN,
      600 // Optional param to customize maximum allowed age of the webhook event, defaults to 600s
    );
   // Signature is valid, process the strongly typed event
  if (event.type === 'block') {
      console.log(event.payload.height); // this works without additional code for type checking
  }
  } catch (error) {
    // In case of invalid signature verifyWebhookSignature will throw SignatureVerificationError
    // for easier debugging you can access passed signatureHeader and webhookPayload values (error.detail.signatureHeader, error.detail.webhookPayload)
    console.error(error);
    return response.status(400).send("Signature is not valid!");