1.1.1 • Published 4 years ago

zeplin-webhook-parser v1.1.1

Weekly downloads
9
License
MIT
Repository
github
Last release
4 years ago

Zeplin Webhook Parser

Zeplin webhook request parser middleware for express.js

Installation

This repository is a Node.js package which avaiable through NPM Registry. Installation can be done by using npm install command:

npm install zeplin-webhook-parser

Usage

Default export for this package is Zeplin class, which you can instantiate with secret that is registered via Zeplin.

const Zeplin = require('zeplin');
const zeplin = new Zeplin('YourZeplinSecret', {
  expirationTime: 60000
});

/*
 * You can use it as express router callback.
 * It will validate the incoming request and check for the secret and expiration time that you've already set.
 */
const express = require('express');
const app = express();
app.use(express.json()); // It is important to activate this middleware since Zeplin Webhook Request Content-Type is application/json

app.post('/zeplin-webhooks', zeplin.verify, (req, res) => {
  console.log('Webhook Event Name:', req.body.event); // i.e: project.screen.version
  // Do whatever you want!
  res.status(204).end() // It is recommended to set status code into 204 since Zeplin won't be able to do anything with your response body payload anyway.
});

API

The only important method in this package is Zeplin.prototype.verify method.

Zeplin.prototype.verify

What does this method do? It basically checks incoming webhook request signature and its timestamp, determine if the request is valid or not. As documented on Zeplin, we need to check the zeplin-signature and zeplin-delivery-timestamp if we want to make our webhook endpoint secure.

Here's the sneak peak of what the implementation look like:

Zeplin.prototype.verify = (req, res, next) => {
  const timestamp = req.headers['zeplin-delivery-timestamp'];
  if (this.isExpired(timestamp)) throw new Error('Request is expired!');
  if (
    this.verifySignature(req.headers['zeplin-signature'], (secret) =>
      crypto
        .createHmac("sha256", secret)
        .update(`${timestamp}.${JSON.stringify(req.body)}`)
        .digest('hex')
    )
  ) return next();
  throw new Error('Request is not authorized!');
}

Examine the code yourself :)

Webhook Event Reference

You can checkout Zeplin Documentation to see list of webhook event that can be used, with each payload:

https://docs.zeplin.dev/reference#webhook-events-overview

License

MIT