Skip to content

przpl/tpay-webhook-auth

Repository files navigation

tpay-webhook-auth

NPM version NPM downloads NPM bundle size

Description

Tpay JWS signature verification tool to ensure notification comes from tpay.com notification service.

  • TypeScript support
  • Lightweight - no external dependencies
  • Caches the root certificate and refreshes it automatically when needed

Access to the raw body is required to verify the signature. Example using "express":

import express, { raw } from "express";

const app = express();
app.use("/tpay-notification-webhook", raw({ type: "application/x-www-form-urlencoded" }));

Requirements

  • Node.js v18.0.0 or higher

Examples

NestJS Guard

import { CanActivate, ExecutionContext, Injectable } from "@nestjs/common";
import { Request } from "express";
import { TpayWebhookAuth } from "tpay-webhook-auth";

@Injectable()
export class TpayWebhookGuard implements CanActivate {
    private readonly auth = new TpayWebhookAuth(); // create only one instance to reuse the cached root certificate

    public async canActivate(context: ExecutionContext) {
        const req = context.switchToHttp().getRequest<Request>();

        const signature = req.headers["x-jws-signature"];

        return this.auth.checkSignature(req.body, signature);
    }
}

Express Middleware

import { NextFunction, Request, Response } from "express";
import { TpayWebhookAuth } from "tpay-webhook-auth";

const auth = new TpayWebhookAuth(); // create only one instance to reuse the cached root certificate

export async function tpayWebhookMiddleware(req: Request, res: Response, next: NextFunction) {
    const signature = req.headers["x-jws-signature"];

    if (!(await auth.checkSignature(req.body, signature))) {
        return res.status(403).send("Invalid signature");
    }

    next();
}