Skip to content

Commit

Permalink
Merge pull request #37 from pinax-network/webhook-signature
Browse files Browse the repository at this point in the history
Update webhook signature
  • Loading branch information
DenisCarriere authored Feb 13, 2024
2 parents 97ebc19 + ab3690a commit 1800228
Show file tree
Hide file tree
Showing 6 changed files with 21 additions and 65 deletions.
11 changes: 5 additions & 6 deletions package.json
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
{
"private": true,
"version": "0.1.10",
"version": "0.2.0",
"description": "Substreams Sink Websockets",
"name": "substreams-sink-websockets",
"homepage": "https://github.com/pinax-network/substreams-sink-websockets",
"type": "module",
"scripts": {
"start": "bun run index.ts --help",
"start": "bun run index.ts",
"test": "bun test",
"build": "bun build --compile ./index.ts --outfile substreams-sink-websockets",
"dev": "bun run --watch index.ts"
Expand All @@ -16,12 +16,11 @@
"dotenv": "latest",
"openapi3-ts": "latest",
"prom-client": "latest",
"substreams-sink-webhook": "^0.7.2",
"tslog": "latest",
"tweetnacl": "latest"
"substreams-sink-webhook": "^0.8",
"tslog": "latest"
},
"devDependencies": {
"bun-types": "latest",
"@types/bun": "latest",
"typescript": "latest"
}
}
1 change: 0 additions & 1 deletion src/fetch/POST.ts
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,6 @@ import { Server } from "bun";
import { toText } from "./cors.js";
import { insertMessages } from "./messages.js";
import { signatureEd25519 } from "../webhook/singatureEd25519.js";
import { BodySchema } from "substreams-sink-webhook/auth";

export default async function (req: Request, server: Server) {
// validate Ed25519 signature
Expand Down
34 changes: 0 additions & 34 deletions src/verify.spec.ts

This file was deleted.

10 changes: 0 additions & 10 deletions src/verify.ts

This file was deleted.

22 changes: 12 additions & 10 deletions src/webhook/singatureEd25519.ts
Original file line number Diff line number Diff line change
@@ -1,23 +1,25 @@
import { PUBLIC_KEYS } from "../config.js";
import { toText } from "../fetch/cors.js";
import { Err, Ok, Result } from "../result.js";
import { cachedVerify } from "substreams-sink-webhook/auth";
import { verify } from "substreams-sink-webhook/auth";

export async function signatureEd25519(req: Request, text: string): Promise<Result<undefined, Response>> {
export async function signatureEd25519(req: Request, body: string): Promise<Result<undefined, Response>> {
const signature = req.headers.get("x-signature-ed25519");
const expiry = req.headers.get("x-signature-ed25519-expiry");
const publicKey = req.headers.get("x-signature-ed25519-public-key");
const timestamp = Number(req.headers.get("x-signature-timestamp"));

if (!signature) return Err(toText("missing required signature in headers", 400));
if (!expiry) return Err(toText("missing required expiry in headers", 400));
if (!publicKey) return Err(toText("missing required public key in headers", 400));
if (!text) return Err(toText("missing body", 400));
if (!timestamp) return Err(toText("missing required timestamp in headers", 400));
if (!body) return Err(toText("missing body", 400));

if (!PUBLIC_KEYS.includes(publicKey)) {
return Err(toText("invalid public key", 401));
let isVerified = false;
for ( const publicKey of PUBLIC_KEYS) {
if (verify(timestamp, body, signature, publicKey)) {
isVerified = true;
break;
}
}

if (!cachedVerify(signature, Number(expiry), publicKey)) {
if (!isVerified) {
return Err(toText("invalid request signature", 401));
}

Expand Down
8 changes: 4 additions & 4 deletions src/websocket/parseMessage.spec.ts
Original file line number Diff line number Diff line change
Expand Up @@ -31,21 +31,21 @@ test("parseMessage - ping", () => {
"method": "ping"
}`)).toBeTruthy();

expect(parseMessage(`{
expect(Number(parseMessage(`{
"id": 123,
"method": "ping"
}`).id).toBe(123);
}`).id)).toBe(123);
});

test("parseMessage - time", () => {
expect(parseMessage(`{
"method": "time"
}`)).toBeTruthy();

expect(parseMessage(`{
expect(Number(parseMessage(`{
"id": 123,
"method": "time"
}`).id).toBe(123);
}`).id)).toBe(123);
});

test("parseMessage - Missing required 'method' in JSON request.", () => {
Expand Down

0 comments on commit 1800228

Please sign in to comment.