Merge branch 'master' of https://github.com/docusign/code-examples-node-private

Author: raileendr

index.js

@@ -53,6 +53,8 @@ const {
   eg010admin, eg011admin, eg012admin
 } = require('./lib/admin/controllers');
 
+const { eg001connect } = require('./lib/connect/controllers');
+
 const PORT = process.env.PORT || 3000;
 const HOST = process.env.HOST || 'localhost';
 const max_session_min = 180;
@@ -267,6 +269,9 @@ app.get('/eg001', eg001.getController)
   .get('/eg044', eg044.getController)
   .post('/eg044', eg044.createController);
 
+app.get('/cneg001', eg001connect.getController)
+  .post('/cneg001', eg001connect.createController);
+
 function dsLoginCB1(req, res, next) { req.dsAuthCodeGrant.oauth_callback1(req, res, next); }
 function dsLoginCB2(req, res, next) { req.dsAuthCodeGrant.oauth_callback2(req, res, next); }
 

lib/connect/controllers/eg001ValidateWebhookMessage.js

@@ -0,0 +1,69 @@
+/**
+ * @file
+ * Example 001: Validate webhook message using HMAC
+ * @author DocuSign
+ */
+
+const path = require('path');
+const validator = require('validator');
+const { formatString, API_TYPES } = require('../../utils.js');
+const { getExampleByNumber } = require('../../manifestService');
+const dsConfig = require('../../../config/index.js').config;
+const { computeHash } = require('../examples/validateWebhookMessage');
+
+const eg001ValidateWebhookMessage = exports;
+const exampleNumber = 1;
+const eg = `cneg00${exampleNumber}`; // This example reference.
+const api = API_TYPES.CONNECT;
+const mustAuthenticate = '/ds/mustAuthenticateJWT';
+
+/**
+ * Create the envelope
+ * @param {object} req Request obj
+ * @param {object} res Response obj
+ */
+eg001ValidateWebhookMessage.createController = async (req, res) => {
+  // Call the worker method
+  const { body } = req;
+  const args = {
+    secret: validator.escape(body.secret),
+    payload: body.payload,
+  };
+  let results = null;
+
+  try {
+    results = computeHash(args);
+  } catch (error) {
+    const errorCode = error?.code;
+    const errorMessage = error?.message;
+    // In production, may want to provide customized error messages and
+    // remediation advice to the user.
+    res.render('pages/error', { err: error, errorCode, errorMessage });
+  }
+  if (results) {
+    const example = getExampleByNumber(res.locals.manifest, exampleNumber, api);
+    res.render('pages/example_done', {
+      title: example.ExampleName,
+      message: formatString(example.ResultsPageText, results),
+    });
+  }
+};
+
+/**
+ * Form page for this application
+ */
+eg001ValidateWebhookMessage.getController = (req, res) => {
+  const example = getExampleByNumber(res.locals.manifest, exampleNumber, api);
+  const sourceFile =
+    path.basename(__filename)[5].toLowerCase() +
+    path.basename(__filename).substr(6);
+  res.render('pages/connect-examples/eg001ValidateWebhookMessage', {
+    eg: eg,
+    csrfToken: req.csrfToken(),
+    example: example,
+    sourceFile: sourceFile,
+    sourceUrl: dsConfig.githubExampleUrl + 'connect/examples/' + sourceFile,
+    documentation: dsConfig.documentation + eg,
+    showDoc: dsConfig.documentation,
+  });
+};

lib/connect/controllers/index.js

@@ -0,0 +1 @@
+module.exports.eg001connect = require('./eg001ValidateWebhookMessage');

lib/connect/examples/validateWebhookMessage.js

@@ -0,0 +1,35 @@
+/**
+ * @file
+ * Example 001: Validate webhook message using HMAC
+ * @author DocuSign
+ */
+
+const crypto = require('crypto');
+
+/**
+ * This function computes the hash.
+ * @param {object} args parameters for computing the hash.
+ * @param {string} args.secret hmac secret key.
+ * @param {string} args.payload plain text payload.
+ * @return {string} Computed hash.
+ */
+const computeHash = (args) => {
+  const hmac = crypto.createHmac('sha256', args.secret);
+  hmac.write(args.payload);
+  hmac.end();
+  return hmac.read().toString('base64');
+};
+
+/**
+ * This function validates a webhook message.
+ * @param {object} args parameters for validating the message.
+ * @param {string} args.verify hash value as base64 string.
+ * @param {string} args.secret hmac secret key.
+ * @param {string} args.payload plain text payload.
+ * @return {boolean} Returns true if the provided hash matches the computed hash, otherwise false.
+ */
+const isHashValid = (args) => {
+  return crypto.timingSafeEqual(Buffer.from(args.verify, 'base64'), Buffer.from(computeHash(args), 'base64'));
+};
+
+module.exports = { computeHash, isHashValid };

lib/utils.js

@@ -16,6 +16,7 @@ const API_TYPES = {
   CLICK: 'Click',
   ROOMS: 'Rooms',
   ADMIN: 'Admin',
+  CONNECT: 'Connect',
 };
 
 async function isCFR(accessToken, accountId, basePath) {