add sync Functions for node

Author: Uzlopak

src/index.ts

@@ -1,22 +1,31 @@
-export { sign } from "./node/sign";
-import { verify } from "./node/verify";
-export { verify };
+export { sign, signSync } from "./node/sign";
+import { verifySync } from "./node/verify";
+export { verify, verifySync } from "./node/verify";
 
 export async function verifyWithFallback(
   secret: string,
   payload: string,
   signature: string,
   additionalSecrets: undefined | string[],
-): Promise<any> {
-  const firstPass = await verify(secret, payload, signature);
+): Promise<boolean> {
+  return verifyWithFallbackSync(secret, payload, signature, additionalSecrets);
+}
+
+export function verifyWithFallbackSync(
+  secret: string,
+  payload: string,
+  signature: string,
+  additionalSecrets: undefined | string[],
+): boolean {
+  const firstPass = verifySync(secret, payload, signature);
 
   if (firstPass) {
     return true;
   }
 
   if (additionalSecrets !== undefined) {
     for (const s of additionalSecrets) {
-      const v: boolean = await verify(s, payload, signature);
+      const v: boolean = verifySync(s, payload, signature);
       if (v) {
         return v;
       }

src/node/sign.ts

@@ -5,6 +5,10 @@ export async function sign(
   secret: string | Buffer,
   payload: string,
 ): Promise<string> {
+  return signSync(secret, payload);
+}
+
+export function signSync(secret: string | Buffer, payload: string): string {
   if (!secret || !payload) {
     throw new TypeError(
       "[@octokit/webhooks-methods] secret & payload required for sign()",
@@ -15,3 +19,4 @@ export async function sign(
 }
 
 sign.VERSION = VERSION;
+signSync.VERSION = VERSION;

src/node/verify.ts

@@ -9,6 +9,14 @@ export async function verify(
   eventPayload: string,
   signature: string,
 ): Promise<boolean> {
+  return verifySync(secret, eventPayload, signature);
+}
+
+export function verifySync(
+  secret: string | Buffer,
+  eventPayload: string,
+  signature: string,
+): boolean {
   if (!secret || !eventPayload || !signature) {
     throw new TypeError(
       "[@octokit/webhooks-methods] secret, eventPayload & signature required",
@@ -24,9 +32,9 @@ export async function verify(
     return false;
   }
 
-  const verificationBuffer = Buffer.from(
-    createHmac("sha256", secret).update(eventPayload).digest(),
-  );
+  const verificationBuffer = createHmac("sha256", secret)
+    .update(eventPayload)
+    .digest().buffer as Buffer;
 
   // constant time comparison to prevent timing attacks
   // https://stackoverflow.com/a/31096242/206879
@@ -35,3 +43,4 @@ export async function verify(
 }
 
 verify.VERSION = VERSION;
+verifySync.VERSION = VERSION;

src/web.ts

@@ -1,5 +1,3 @@
-import { type SignOptions } from "./types";
-
 const enc = new TextEncoder();
 
 function hexToUInt8Array(string: string) {
@@ -35,15 +33,7 @@ async function importKey(secret: string) {
   );
 }
 
-export async function sign(options: SignOptions | string, payload: string) {
-  const { secret, algorithm } =
-    typeof options === "object"
-      ? {
-          secret: options.secret,
-          algorithm: "sha256",
-        }
-      : { secret: options, algorithm: "sha256" };
-
+export async function sign(secret: string, payload: string) {
   if (!secret || !payload) {
     throw new TypeError(
       "[@octokit/webhooks-methods] secret & payload required for sign()",
@@ -56,7 +46,7 @@ export async function sign(options: SignOptions | string, payload: string) {
     enc.encode(payload),
   );
 
-  return `${algorithm}=${UInt8ArrayToHex(signature)}`;
+  return `sha256=${UInt8ArrayToHex(signature)}`;
 }
 
 export async function verify(

test/sign.test.ts

@@ -1,4 +1,4 @@
-import { sign } from "../src";
+import { sign, signSync } from "../src";
 
 const eventPayload = {
   foo: "bar",
@@ -60,3 +60,20 @@ describe("sign", () => {
     });
   });
 });
+
+describe("signSync", () => {
+  it("is a function", () => {
+    expect(signSync).toBeInstanceOf(Function);
+  });
+
+  it("signSync.VERSION is set", () => {
+    expect(signSync.VERSION).toEqual("0.0.0-development");
+  });
+
+  test("signSync(secret, eventPayload)", () => {
+    const signature = signSync(secret, JSON.stringify(eventPayload));
+    expect(signature).toBe(
+      "sha256=4864d2759938a15468b5df9ade20bf161da9b4f737ea61794142f3484236bda3",
+    );
+  });
+});

test/verify.test.ts

@@ -1,4 +1,4 @@
-import { verify, verifyWithFallback } from "../src";
+import { verify, verifySync, verifyWithFallback } from "../src";
 
 function toNormalizedJsonString(payload: object) {
   // GitHub sends its JSON with an indentation of 2 spaces and a line break at the end
@@ -147,3 +147,18 @@ describe("verifyWithFallback", () => {
     expect(signatureMatches).toBe(false);
   });
 });
+
+describe("verifySync", () => {
+  it("is a function", () => {
+    expect(verifySync).toBeInstanceOf(Function);
+  });
+
+  it("verifySync.VERSION is set", () => {
+    expect(verifySync.VERSION).toEqual("0.0.0-development");
+  });
+
+  test("verifySync(secret, eventPayload, signature) returns true for correct signature", () => {
+    const signatureMatches = verifySync(secret, eventPayload, signature);
+    expect(signatureMatches).toBe(true);
+  });
+});