update tests

arcoraven · arcoraven · commit 0bcea20e623b · 2024-10-31T10:02:27.000+08:00
diff --git a/src/prisma/schema.prisma b/src/prisma/schema.prisma
@@ -175,12 +175,11 @@ model Transactions {
 }
 
 model Webhooks {
-  id        Int     @id @default(autoincrement()) @map("id")
-  name      String? @map("name")
-  url       String  @map("url")
-  secret    String  @map("secret")
-  eventType String  @map("evenType")
-
+  id        Int       @id @default(autoincrement()) @map("id")
+  name      String?   @map("name")
+  url       String    @map("url")
+  secret    String    @map("secret")
+  eventType String    @map("evenType")
   createdAt DateTime  @default(now()) @map("createdAt")
   updatedAt DateTime  @updatedAt @map("updatedAt")
   revokedAt DateTime? @map("revokedAt")
diff --git a/src/server/routes/webhooks/create.ts b/src/server/routes/webhooks/create.ts
@@ -13,26 +13,12 @@ const requestBodySchema = Type.Object({
     description: "Webhook URL. Non-HTTPS URLs are not supported.",
     examples: ["https://example.com/webhook"],
   }),
-  name: Type.Optional(Type.String()),
-  eventType: Type.Enum(WebhooksEventTypes),
-  mtlsClientCert: Type.Optional(
-    Type.String({
-      description:
-        "(For mTLS) The client certificate used to authenticate your to your server.",
-    }),
-  ),
-  mtlsClientKey: Type.Optional(
+  name: Type.Optional(
     Type.String({
-      description:
-        "(For mTLS) The private key associated with your client certificate.",
-    }),
-  ),
-  mtlsCaCert: Type.Optional(
-    Type.String({
-      description:
-        "(For mTLS) The Certificate Authority (CA) that signed your client certificate, used to verify the authenticity of the `mtlsClientCert`. This is only required if using a self-signed certficate.",
+      minLength: 3,
     }),
   ),
+  eventType: Type.Enum(WebhooksEventTypes),
 });
 
 requestBodySchema.examples = [
diff --git a/src/tests/webhook.test.ts b/src/tests/webhook.test.ts
@@ -1,15 +1,18 @@
+import type { Webhooks } from "@prisma/client";
 import { describe, expect, it } from "vitest";
+import { WebhooksEventTypes } from "../schema/webhooks";
+import { generateRequestHeaders } from "../utils/webhook";
 import { generateSecretHmac256 } from "../utils/webhook/customAuthHeader";
 
 describe("generateSecretHmac256", () => {
   it("should generate a valid MAC header with correct structure and values", () => {
-    const timestampSeconds = new Date("2024-01-01").getTime() / 1000;
+    const timestamp = new Date("2024-01-01");
     const nonce = "6b98df0d-5f33-4121-96cb-77a0b9df2bbe";
 
     const result = generateSecretHmac256({
       webhookUrl: "https://example.com/webhook",
       body: { bodyArgName: "bodyArgValue" },
-      timestampSeconds,
+      timestamp,
       nonce,
       clientId: "testClientId",
       clientSecret: "testClientSecret",
@@ -20,3 +23,35 @@ describe("generateSecretHmac256", () => {
     );
   });
 });
+
+describe("generateRequestHeaders", () => {
+  const webhook: Webhooks = {
+    id: 42,
+    name: "test webhook",
+    url: "https://www.example.com/webhook",
+    secret: "test-secret-string",
+    eventType: WebhooksEventTypes.SENT_TX,
+    createdAt: new Date(),
+    updatedAt: new Date(),
+    revokedAt: null,
+  };
+  const body = {
+    name: "Alice",
+    age: 25,
+    occupation: ["Founder", "Developer"],
+  };
+  const timestamp = new Date("2024-01-01");
+
+  it("Generate a consistent webhook header", () => {
+    const result = generateRequestHeaders({ webhook, body, timestamp });
+
+    expect(result).toEqual({
+      Accept: "application/json",
+      Authorization: "Bearer test-secret-string",
+      "Content-Type": "application/json",
+      "x-engine-signature":
+        "ca272da65f1145b9cfadab6d55086ee458eccc03a2c5f7f5ea84094d95b219cc",
+      "x-engine-timestamp": "1704067200",
+    });
+  });
+});
diff --git a/src/utils/env.ts b/src/utils/env.ts
@@ -6,18 +6,6 @@ import { z } from "zod";
 const path = process.env.NODE_ENV === "test" ? ".env.test" : ".env";
 dotenv.config({ path });
 
-export const JsonSchema = z.string().refine(
-  (value) => {
-    try {
-      JSON.parse(value);
-      return true;
-    } catch {
-      return false;
-    }
-  },
-  { message: "Invalid JSON string" },
-);
-
 const boolEnvSchema = (defaultBool: boolean) =>
   z
     .string()
diff --git a/src/utils/webhook.ts b/src/utils/webhook.ts
@@ -20,10 +20,10 @@ const generateSignature = (
 
 const generateAuthorization = (args: {
   webhook: Webhooks;
-  timestampSeconds: number;
+  timestamp: Date;
   body: Record<string, unknown>;
 }): string => {
-  const { webhook, timestampSeconds, body } = args;
+  const { webhook, timestamp, body } = args;
   if (env.ENABLE_CUSTOM_HMAC_AUTH) {
     assert(
       env.CUSTOM_HMAC_AUTH_CLIENT_ID,
@@ -37,7 +37,7 @@ const generateAuthorization = (args: {
     return generateSecretHmac256({
       webhookUrl: webhook.url,
       body,
-      timestampSeconds,
+      timestamp,
       nonce: randomUUID(),
       clientId: env.CUSTOM_HMAC_AUTH_CLIENT_ID,
       clientSecret: env.CUSTOM_HMAC_AUTH_CLIENT_SECRET,
@@ -46,17 +46,16 @@ const generateAuthorization = (args: {
   return `Bearer ${webhook.secret}`;
 };
 
-const generateRequestHeaders = (
-  webhook: Webhooks,
-  body: Record<string, unknown>,
-): HeadersInit => {
-  const timestampSeconds = Math.floor(Date.now() / 1000);
+export const generateRequestHeaders = (args: {
+  webhook: Webhooks;
+  body: Record<string, unknown>;
+  timestamp: Date;
+}): HeadersInit => {
+  const { webhook, body, timestamp } = args;
+
+  const timestampSeconds = Math.floor(timestamp.getTime() / 1000);
   const signature = generateSignature(body, timestampSeconds, webhook.secret);
-  const authorization = generateAuthorization({
-    webhook,
-    timestampSeconds,
-    body,
-  });
+  const authorization = generateAuthorization({ webhook, timestamp, body });
   return {
     Accept: "application/json",
     "Content-Type": "application/json",
@@ -92,7 +91,11 @@ export const sendWebhookRequest = async (
           })
         : undefined;
 
-    const headers = await generateRequestHeaders(webhook, body);
+    const headers = await generateRequestHeaders({
+      webhook,
+      body,
+      timestamp: new Date(),
+    });
     const resp = await fetch(webhook.url, {
       method: "POST",
       headers: headers,
diff --git a/src/utils/webhook/customAuthHeader.ts b/src/utils/webhook/customAuthHeader.ts
@@ -5,7 +5,7 @@ import { createHmac } from "node:crypto";
  *
  * @param webhookUrl - The URL to call.
  * @param body - The request body.
- * @param timestampSeconds - The timestamp in seconds.
+ * @param timestamp - The request timestamp.
  * @param nonce - A unique string for this request. Should not be re-used.
  * @param clientId - Your application's client id.
  * @param clientSecret - Your application's client secret.
@@ -14,21 +14,20 @@ import { createHmac } from "node:crypto";
 export const generateSecretHmac256 = (args: {
   webhookUrl: string;
   body: Record<string, unknown>;
-  timestampSeconds: number;
+  timestamp: Date;
   nonce: string;
   clientId: string;
   clientSecret: string;
 }): string => {
-  const { webhookUrl, body, timestampSeconds, nonce, clientId, clientSecret } =
-    args;
+  const { webhookUrl, body, timestamp, nonce, clientId, clientSecret } = args;
 
   // Create the body hash by hashing the payload.
   const bodyHash = createHmac("sha256", clientSecret)
     .update(JSON.stringify(body), "utf8")
     .digest("base64");
 
   // Create the signature hash by hashing the signature.
-  const ts = timestampSeconds * 1000; // timestamp expected in milliseconds
+  const ts = timestamp.getTime(); // timestamp expected in milliseconds
   const httpMethod = "POST";
   const url = new URL(webhookUrl);
   const resourcePath = url.pathname;
