FRE-651: CEO coordination notes for founder bio/headshot assets

node_modules/standardwebhooks/dist/index.d.ts

@@ -0,0 +1,24 @@
+/// <reference types="node" />
+declare class ExtendableError extends Error {
+    constructor(message: any);
+}
+export declare class WebhookVerificationError extends ExtendableError {
+    constructor(message: string);
+}
+export interface WebhookUnbrandedRequiredHeaders {
+    "webhook-id": string;
+    "webhook-timestamp": string;
+    "webhook-signature": string;
+}
+export interface WebhookOptions {
+    format?: "raw";
+}
+export declare class Webhook {
+    private static prefix;
+    private readonly key;
+    constructor(secret: string | Uint8Array, options?: WebhookOptions);
+    verify(payload: string | Buffer, headers_: WebhookUnbrandedRequiredHeaders | Record<string, string>): unknown;
+    sign(msgId: string, timestamp: Date, payload: string | Buffer): string;
+    private verifyTimestamp;
+}
+export {};

node_modules/standardwebhooks/dist/index.js

@@ -0,0 +1,106 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Webhook = exports.WebhookVerificationError = void 0;
+const timing_safe_equal_1 = require("./timing_safe_equal");
+const base64 = require("@stablelib/base64");
+const sha256 = require("fast-sha256");
+const WEBHOOK_TOLERANCE_IN_SECONDS = 5 * 60;
+class ExtendableError extends Error {
+    constructor(message) {
+        super(message);
+        Object.setPrototypeOf(this, ExtendableError.prototype);
+        this.name = "ExtendableError";
+        this.stack = new Error(message).stack;
+    }
+}
+class WebhookVerificationError extends ExtendableError {
+    constructor(message) {
+        super(message);
+        Object.setPrototypeOf(this, WebhookVerificationError.prototype);
+        this.name = "WebhookVerificationError";
+    }
+}
+exports.WebhookVerificationError = WebhookVerificationError;
+class Webhook {
+    constructor(secret, options) {
+        if (!secret) {
+            throw new Error("Secret can't be empty.");
+        }
+        if ((options === null || options === void 0 ? void 0 : options.format) === "raw") {
+            if (secret instanceof Uint8Array) {
+                this.key = secret;
+            }
+            else {
+                this.key = Uint8Array.from(secret, (c) => c.charCodeAt(0));
+            }
+        }
+        else {
+            if (typeof secret !== "string") {
+                throw new Error("Expected secret to be of type string");
+            }
+            if (secret.startsWith(Webhook.prefix)) {
+                secret = secret.substring(Webhook.prefix.length);
+            }
+            this.key = base64.decode(secret);
+        }
+    }
+    verify(payload, headers_) {
+        const headers = {};
+        for (const key of Object.keys(headers_)) {
+            headers[key.toLowerCase()] = headers_[key];
+        }
+        const msgId = headers["webhook-id"];
+        const msgSignature = headers["webhook-signature"];
+        const msgTimestamp = headers["webhook-timestamp"];
+        if (!msgSignature || !msgId || !msgTimestamp) {
+            throw new WebhookVerificationError("Missing required headers");
+        }
+        const timestamp = this.verifyTimestamp(msgTimestamp);
+        const computedSignature = this.sign(msgId, timestamp, payload);
+        const expectedSignature = computedSignature.split(",")[1];
+        const passedSignatures = msgSignature.split(" ");
+        const encoder = new globalThis.TextEncoder();
+        for (const versionedSignature of passedSignatures) {
+            const [version, signature] = versionedSignature.split(",");
+            if (version !== "v1") {
+                continue;
+            }
+            if ((0, timing_safe_equal_1.timingSafeEqual)(encoder.encode(signature), encoder.encode(expectedSignature))) {
+                return JSON.parse(payload.toString());
+            }
+        }
+        throw new WebhookVerificationError("No matching signature found");
+    }
+    sign(msgId, timestamp, payload) {
+        if (typeof payload === "string") {
+        }
+        else if (payload.constructor.name === "Buffer") {
+            payload = payload.toString();
+        }
+        else {
+            throw new Error("Expected payload to be of type string or Buffer.");
+        }
+        const encoder = new TextEncoder();
+        const timestampNumber = Math.floor(timestamp.getTime() / 1000);
+        const toSign = encoder.encode(`${msgId}.${timestampNumber}.${payload}`);
+        const expectedSignature = base64.encode(sha256.hmac(this.key, toSign));
+        return `v1,${expectedSignature}`;
+    }
+    verifyTimestamp(timestampHeader) {
+        const now = Math.floor(Date.now() / 1000);
+        const timestamp = parseInt(timestampHeader, 10);
+        if (isNaN(timestamp)) {
+            throw new WebhookVerificationError("Invalid Signature Headers");
+        }
+        if (now - timestamp > WEBHOOK_TOLERANCE_IN_SECONDS) {
+            throw new WebhookVerificationError("Message timestamp too old");
+        }
+        if (timestamp > now + WEBHOOK_TOLERANCE_IN_SECONDS) {
+            throw new WebhookVerificationError("Message timestamp too new");
+        }
+        return new Date(timestamp * 1000);
+    }
+}
+exports.Webhook = Webhook;
+Webhook.prefix = "whsec_";
+//# sourceMappingURL=index.js.map

node_modules/standardwebhooks/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,2DAAsD;AACtD,4CAA4C;AAC5C,sCAAsC;AAEtC,MAAM,4BAA4B,GAAG,CAAC,GAAG,EAAE,CAAC;AAE5C,MAAM,eAAgB,SAAQ,KAAK;IACjC,YAAY,OAAY;QACtB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,eAAe,CAAC,SAAS,CAAC,CAAC;QACvD,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;QAC9B,IAAI,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC;IACxC,CAAC;CACF;AAED,MAAa,wBAAyB,SAAQ,eAAe;IAC3D,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,wBAAwB,CAAC,SAAS,CAAC,CAAC;QAChE,IAAI,CAAC,IAAI,GAAG,0BAA0B,CAAC;IACzC,CAAC;CACF;AAND,4DAMC;AAYD,MAAa,OAAO;IAIlB,YAAY,MAA2B,EAAE,OAAwB;QAC/D,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5C,CAAC;QACD,IAAI,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM,MAAK,KAAK,EAAE,CAAC;YAC9B,IAAI,MAAM,YAAY,UAAU,EAAE,CAAC;gBACjC,IAAI,CAAC,GAAG,GAAG,MAAM,CAAC;YACpB,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,GAAG,GAAG,UAAU,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC;aAAM,CAAC;YACN,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;gBAC/B,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;YAC1D,CAAC;YACD,IAAI,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;gBACtC,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YACnD,CAAC;YACD,IAAI,CAAC,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;IAEM,MAAM,CACX,OAAwB,EACxB,QAAkE;QAElE,MAAM,OAAO,GAA2B,EAAE,CAAC;QAC3C,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YACxC,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,GAAI,QAAmC,CAAC,GAAG,CAAC,CAAC;QACzE,CAAC;QAED,MAAM,KAAK,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;QACpC,MAAM,YAAY,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAAC;QAClD,MAAM,YAAY,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAAC;QAElD,IAAI,CAAC,YAAY,IAAI,CAAC,KAAK,IAAI,CAAC,YAAY,EAAE,CAAC;YAC7C,MAAM,IAAI,wBAAwB,CAAC,0BAA0B,CAAC,CAAC;QACjE,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,eAAe,CAAC,YAAY,CAAC,CAAC;QAErD,MAAM,iBAAiB,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,iBAAiB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAE1D,MAAM,gBAAgB,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAEjD,MAAM,OAAO,GAAG,IAAI,UAAU,CAAC,WAAW,EAAE,CAAC;QAC7C,KAAK,MAAM,kBAAkB,IAAI,gBAAgB,EAAE,CAAC;YAClD,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,GAAG,kBAAkB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC3D,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;gBACrB,SAAS;YACX,CAAC;YAED,IAAI,IAAA,mCAAe,EAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,OAAO,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC,EAAE,CAAC;gBAClF,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;YACxC,CAAC;QACH,CAAC;QACD,MAAM,IAAI,wBAAwB,CAAC,6BAA6B,CAAC,CAAC;IACpE,CAAC;IAEM,IAAI,CAAC,KAAa,EAAE,SAAe,EAAE,OAAwB;QAClE,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QAElC,CAAC;aAAM,IAAI,OAAO,CAAC,WAAW,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACjD,OAAO,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;QAC/B,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACtE,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;QAClC,MAAM,eAAe,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;QAC/D,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,GAAG,KAAK,IAAI,eAAe,IAAI,OAAO,EAAE,CAAC,CAAC;QACxE,MAAM,iBAAiB,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC;QACvE,OAAO,MAAM,iBAAiB,EAAE,CAAC;IACnC,CAAC;IAEO,eAAe,CAAC,eAAuB;QAC7C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,MAAM,SAAS,GAAG,QAAQ,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC;QAChD,IAAI,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC;YACrB,MAAM,IAAI,wBAAwB,CAAC,2BAA2B,CAAC,CAAC;QAClE,CAAC;QAED,IAAI,GAAG,GAAG,SAAS,GAAG,4BAA4B,EAAE,CAAC;YACnD,MAAM,IAAI,wBAAwB,CAAC,2BAA2B,CAAC,CAAC;QAClE,CAAC;QACD,IAAI,SAAS,GAAG,GAAG,GAAG,4BAA4B,EAAE,CAAC;YACnD,MAAM,IAAI,wBAAwB,CAAC,2BAA2B,CAAC,CAAC;QAClE,CAAC;QACD,OAAO,IAAI,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC;IACpC,CAAC;;AA7FH,0BA8FC;AA7FgB,cAAM,GAAG,QAAQ,CAAC"}

node_modules/standardwebhooks/dist/timing_safe_equal.d.ts

@@ -0,0 +1 @@
+export declare function timingSafeEqual(a: ArrayBufferView | ArrayBufferLike | DataView, b: ArrayBufferView | ArrayBufferLike | DataView): boolean;

node_modules/standardwebhooks/dist/timing_safe_equal.js

@@ -0,0 +1,30 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.timingSafeEqual = void 0;
+function assert(expr, msg = "") {
+    if (!expr) {
+        throw new Error(msg);
+    }
+}
+function timingSafeEqual(a, b) {
+    if (a.byteLength !== b.byteLength) {
+        return false;
+    }
+    if (!(a instanceof DataView)) {
+        a = new DataView(ArrayBuffer.isView(a) ? a.buffer : a);
+    }
+    if (!(b instanceof DataView)) {
+        b = new DataView(ArrayBuffer.isView(b) ? b.buffer : b);
+    }
+    assert(a instanceof DataView);
+    assert(b instanceof DataView);
+    const length = a.byteLength;
+    let out = 0;
+    let i = -1;
+    while (++i < length) {
+        out |= a.getUint8(i) ^ b.getUint8(i);
+    }
+    return out === 0;
+}
+exports.timingSafeEqual = timingSafeEqual;
+//# sourceMappingURL=timing_safe_equal.js.map

node_modules/standardwebhooks/dist/timing_safe_equal.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"timing_safe_equal.js","sourceRoot":"","sources":["../src/timing_safe_equal.ts"],"names":[],"mappings":";;;AAIA,SAAS,MAAM,CAAC,IAAa,EAAE,GAAG,GAAG,EAAE;IACrC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC;IACvB,CAAC;AACH,CAAC;AAID,SAAgB,eAAe,CAC7B,CAA+C,EAC/C,CAA+C;IAE/C,IAAI,CAAC,CAAC,UAAU,KAAK,CAAC,CAAC,UAAU,EAAE,CAAC;QAClC,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,CAAC,CAAC,CAAC,YAAY,QAAQ,CAAC,EAAE,CAAC;QAC7B,CAAC,GAAG,IAAI,QAAQ,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACzD,CAAC;IACD,IAAI,CAAC,CAAC,CAAC,YAAY,QAAQ,CAAC,EAAE,CAAC;QAC7B,CAAC,GAAG,IAAI,QAAQ,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACzD,CAAC;IACD,MAAM,CAAC,CAAC,YAAY,QAAQ,CAAC,CAAC;IAC9B,MAAM,CAAC,CAAC,YAAY,QAAQ,CAAC,CAAC;IAC9B,MAAM,MAAM,GAAG,CAAC,CAAC,UAAU,CAAC;IAC5B,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IACX,OAAO,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC;QACpB,GAAG,IAAI,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IACvC,CAAC;IACD,OAAO,GAAG,KAAK,CAAC,CAAC;AACnB,CAAC;AAtBD,0CAsBC"}