Merge pull request #149 from HubSpot/feature/validateSignature

add validateSignature
HubSpot · Feb 3, 2022 · 9318646 · 9318646
2 parents 91087f1 + f471d23
commit 9318646
Show file tree

Hide file tree

Showing 5 changed files with 44 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -210,7 +210,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Iterable middlewares 
 
-[unreleased]: https://github.com/HubSpot/hubspot-api-nodejs/compare/6.0.1-beta...HEAD
+## [6.0.1-beta1] - 2022-02-03
+
+### Added
+
+- webhooks.validateSignature()
+
+[unreleased]: https://github.com/HubSpot/hubspot-api-nodejs/compare/6.0.1-beta1...HEAD
 [1.0.0-beta]: https://github.com/HubSpot/hubspot-api-nodejs/releases/tag/v1.0.0-beta
 [1.1.0-beta]: https://github.com/HubSpot/hubspot-api-nodejs/releases/tag/v1.1.0-beta
 [2.0.1]: https://github.com/HubSpot/hubspot-api-nodejs/releases/tag/2.0.1
@@ -228,3 +234,4 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [5.0.0]: https://github.com/HubSpot/hubspot-api-nodejs/releases/tag/5.0.0
 [6.0.0-beta]: https://github.com/HubSpot/hubspot-api-nodejs/releases/tag/6.0.0-beta
 [6.0.1-beta]: https://github.com/HubSpot/hubspot-api-nodejs/releases/tag/6.0.1-beta
+[6.0.1-beta]: https://github.com/HubSpot/hubspot-api-nodejs/releases/tag/6.0.1-beta1
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@hubspot/api-client",
-  "version": "6.0.1-beta",
+  "version": "6.0.1-beta1",
   "description": "NodeJS v3 [HubSpot API](https://developers.hubspot.com/docs/api/overview) SDK(Client) files",
   "main": "lib/index.js",
   "types": "lib/index.d.ts",

diff --git a/src/discovery/webhooks/WebhooksDiscovery.ts b/src/discovery/webhooks/WebhooksDiscovery.ts
@@ -2,6 +2,7 @@ import { createConfiguration } from '../../../codegen/webhooks/configuration'
 import { RequestContext, ResponseContext, SettingsApi, SubscriptionsApi } from '../../../codegen/webhooks/index'
 import { ApiClientConfigurator } from '../../configuration/ApiClientConfigurator'
 import { IConfiguration } from '../../configuration/IConfiguration'
+import { validateSignature } from '../../services/validateSignature'
 
 export class WebhooksDiscovery {
   public settingsApi: SettingsApi
@@ -13,4 +14,15 @@ export class WebhooksDiscovery {
     this.settingsApi = new SettingsApi(configuration)
     this.subscriptionsApi = new SubscriptionsApi(configuration)
   }
+
+  public validateSignature(
+    signature: string,
+    clientSecret: string,
+    requestBody: string,
+    signatureVersion = 'v1',
+    webhooksUrl?: string,
+    webhooksMethod = 'POST',
+  ): boolean {
+    return validateSignature(signature, clientSecret, requestBody, signatureVersion, webhooksUrl, webhooksMethod)
+  }
 }
diff --git a/src/services/validateSignature.ts b/src/services/validateSignature.ts
@@ -0,0 +1,22 @@
+import crypto = require('crypto')
+import * as _ from 'lodash'
+
+export function validateSignature(
+  signature: string,
+  clientSecret: string,
+  requestBody: string,
+  signatureVersion = 'v1',
+  webhooksUrl?: string,
+  webhooksMethod = 'POST',
+): boolean {
+  const sourceString = _.isEqual(signatureVersion, 'v1')
+    ? clientSecret + requestBody
+    : clientSecret + webhooksMethod + webhooksUrl + requestBody
+
+  const hash = crypto
+    .createHash('sha256')
+    .update(sourceString)
+    .digest('hex')
+
+  return _.isEqual(signature, hash)
+}