ballerine-io · alonp99 · Sep 29, 2024 · Sep 11, 2024 · Sep 12, 2024 · Sep 12, 2024
diff --git a/apps/backoffice-v2/CHANGELOG.md b/apps/backoffice-v2/CHANGELOG.md
@@ -1,5 +1,14 @@
 # @ballerine/backoffice-v2
 
+## 0.7.40
+
+### Patch Changes
+
+- Updated dependencies
+  - @ballerine/common@0.9.29
+  - @ballerine/workflow-browser-sdk@0.6.40
+  - @ballerine/workflow-node-sdk@0.6.40
+
 ## 0.7.39
 
 ### Patch Changes

diff --git a/examples/headless-example/CHANGELOG.md b/examples/headless-example/CHANGELOG.md
@@ -1,5 +1,21 @@
 # @ballerine/headless-example
 
+## 0.3.40
+
+### Patch Changes
+
+- Updated dependencies
+  - @ballerine/common@0.9.30
+  - @ballerine/workflow-browser-sdk@0.6.41
+
+## 0.3.39
+
+### Patch Changes
+
+- Updated dependencies
+  - @ballerine/common@0.9.29
+  - @ballerine/workflow-browser-sdk@0.6.40
+
 ## 0.3.38
 
 ### Patch Changes

diff --git a/examples/headless-example/package.json b/examples/headless-example/package.json
@@ -1,7 +1,7 @@
 {
   "name": "@ballerine/headless-example",
   "private": true,
-  "version": "0.3.38",
+  "version": "0.3.40",
   "type": "module",
   "scripts": {
     "spellcheck": "cspell \"*\"",
@@ -34,8 +34,8 @@
     "vite": "^4.5.3"
   },
   "dependencies": {
-    "@ballerine/common": "0.9.28",
-    "@ballerine/workflow-browser-sdk": "0.6.39",
+    "@ballerine/common": "0.9.30",
+    "@ballerine/workflow-browser-sdk": "0.6.41",
     "@felte/reporter-svelte": "^1.1.5",
     "@felte/validator-zod": "^1.0.13",
     "@fontsource/inter": "^4.5.15",

diff --git a/packages/common/CHANGELOG.md b/packages/common/CHANGELOG.md
@@ -1,5 +1,17 @@
 # @ballerine/common
 
+## 0.9.30
+
+### Patch Changes
+
+- package sync
+
+## 0.9.29
+
+### Patch Changes
+
+- Added signing logic with crypt
+
 ## 0.9.28
 
 ### Patch Changes

diff --git a/packages/common/package.json b/packages/common/package.json
@@ -2,7 +2,7 @@
   "private": false,
   "name": "@ballerine/common",
   "author": "Ballerine <dev@ballerine.com>",
-  "version": "0.9.28",
+  "version": "0.9.30",
   "description": "common",
   "module": "./dist/esm/index.js",
   "main": "./dist/cjs/index.js",
@@ -76,11 +76,13 @@
     "ts-node": "^10.9.1",
     "typescript": "4.9.5",
     "vite": "^4.5.3",
-    "vitest": "^0.28.4"
+    "vitest": "^0.28.4",
+    "@types/crypto-js": "^4.2.2"
   },
   "dependencies": {
     "@sinclair/typebox": "0.32.15",
     "ajv": "^8.12.0",
+    "crypto-js": "^4.2.0",
     "dayjs": "^1.11.6",
     "json-schema-to-zod": "^0.6.3",
     "lodash.get": "^4.4.2",

diff --git a/packages/common/src/index.ts b/packages/common/src/index.ts
@@ -30,6 +30,8 @@ export {
   getSeverityFromRiskScore,
   booleanToYesOrNo,
   checkIsIsoDate,
+  sign,
+  computeHash,
 } from './utils';
 
 export type { IErrorWithMessage } from './utils';

diff --git a/packages/common/src/utils/index.ts b/packages/common/src/utils/index.ts
@@ -28,3 +28,4 @@ export { getSeverityFromRiskScore } from './get-severity-from-risk-score';
 export { valueOrNA } from './value-or-na';
 export { booleanToYesOrNo } from './boolean-to-yes-or-no';
 export { type IErrorWithMessage } from './is-error-with-message';
+export { sign, computeHash } from './sign';
diff --git a/packages/common/src/utils/sign/index.ts b/packages/common/src/utils/sign/index.ts
@@ -0,0 +1 @@
+export { sign, computeHash } from './sign';
diff --git a/packages/common/src/utils/sign/sign.ts b/packages/common/src/utils/sign/sign.ts
@@ -0,0 +1,15 @@
+import CryptoJS from 'crypto-js';
+
+export const sign = ({ payload, key }: { payload: unknown; key: string }) => {
+  if (!key) {
+    return 'UNSIGNED';
+  }
+
+  return CryptoJS.HmacSHA256(JSON.stringify(payload), key).toString(CryptoJS.enc.Hex);
+};
+
+export const computeHash = (data: unknown): string => {
+  const md5hash = CryptoJS.MD5(JSON.stringify(data));
+
+  return md5hash.toString(CryptoJS.enc.Hex);
+};
-export const computeHash = (data: unknown): string => {
-  const md5hash = CryptoJS.MD5(JSON.stringify(data));
-
-  return md5hash.toString(CryptoJS.enc.Hex);
-};
+export const computeHash = (data: Record<string, unknown>): string => {
+  const sha256hash = CryptoJS.SHA256(JSON.stringify(data));
+
+  return sha256hash.toString(CryptoJS.enc.Hex);
+};
-export const computeHash = (data: unknown): string => {
-  const md5hash = CryptoJS.MD5(JSON.stringify(data));
-
-  return md5hash.toString(CryptoJS.enc.Hex);
-};
+export const computeHash = (data: Record<string, unknown>): string => {
+  const sha256hash = CryptoJS.SHA256(JSON.stringify(data));
+
+  return sha256hash.toString(CryptoJS.enc.Hex);
+};
diff --git a/...e/src/common/utils/sign/sign.unit.test.ts → ...s/common/src/utils/sign/sign.unit.test.ts b/...e/src/common/utils/sign/sign.unit.test.ts → ...s/common/src/utils/sign/sign.unit.test.ts
@@ -1,4 +1,5 @@
 import { sign } from './sign';
+import { describe, expect, it } from 'vitest';
 
 const cases: Array<{
   name: string;
@@ -28,7 +29,7 @@ const cases: Array<{
 
 describe('sign', () => {
   describe.each(cases)('$name', ({ payload, differentPayload, expectedSignature }) => {
-    test('When signing a payload, it should return a signature', () => {
+    it('signing a payload, it should return a signature', () => {
       // Arrange
       const key = 'secret';
 
@@ -39,7 +40,7 @@ describe('sign', () => {
       expect(signature).toBe(expectedSignature);
     });
 
-    test('When signing the same payload with a different key, it should return a different signature', () => {
+    it('signing the same payload with a different key, it should return a different signature', () => {
       // Arrange
       const key1 = 'secret';
       const key2 = 'secret2';
@@ -52,7 +53,7 @@ describe('sign', () => {
       expect(signature1).not.toBe(signature2);
     });
 
-    test('When signing different payloads with the same key, it should return different signatures', () => {
+    it('signing different payloads with the same key, it should return different signatures', () => {
       // Arrange
       const key = 'secret';
 

diff --git a/packages/workflow-core/CHANGELOG.md b/packages/workflow-core/CHANGELOG.md
@@ -1,5 +1,19 @@
 # @ballerine/workflow-core
 
+## 0.6.41
+
+### Patch Changes
+
+- Updated dependencies
+  - @ballerine/common@0.9.30
+
+## 0.6.40
+
+### Patch Changes
+
+- Updated dependencies
+  - @ballerine/common@0.9.29
+
 ## 0.6.39
 
 ### Patch Changes

diff --git a/packages/workflow-core/package.json b/packages/workflow-core/package.json
@@ -1,7 +1,7 @@
 {
   "name": "@ballerine/workflow-core",
   "author": "Ballerine <dev@ballerine.com>",
-  "version": "0.6.39",
+  "version": "0.6.41",
   "description": "workflow-core",
   "module": "./dist/esm/index.js",
   "main": "./dist/cjs/index.js",
@@ -31,7 +31,7 @@
     "node": ">=12"
   },
   "dependencies": {
-    "@ballerine/common": "0.9.28",
+    "@ballerine/common": "0.9.30",
     "ajv": "^8.12.0",
     "i18n-iso-countries": "^7.6.0",
     "jmespath": "^0.16.0",

diff --git a/packages/workflow-core/src/lib/plugins/external-plugin/webhook-plugin.ts b/packages/workflow-core/src/lib/plugins/external-plugin/webhook-plugin.ts
@@ -2,7 +2,7 @@ import { ApiPlugin } from './api-plugin';
 import { TContext } from '../../utils/types';
 import { IApiPluginParams } from './types';
 import { logger } from '../../logger';
-import { AnyRecord } from '@ballerine/common';
+import { AnyRecord, sign } from '@ballerine/common';
 
 export class WebhookPlugin extends ApiPlugin {
   public static pluginType = 'http';
@@ -30,7 +30,7 @@ export class WebhookPlugin extends ApiPlugin {
         urlWithoutPlaceholders,
         this.method,
         requestPayload,
-        await this.composeRequestHeaders(this.headers!, context),
+        await this.composeRequestSignedHeaders(this.headers!, context, requestPayload),
       );
 
       logger.log('Webhook Plugin - Received response', {
@@ -76,4 +76,30 @@ export class WebhookPlugin extends ApiPlugin {
 
     return {};
   }
+
+  async composeRequestSignedHeaders(
+    headers: HeadersInit,
+    context: TContext,
+    payload: AnyRecord | undefined,
+  ) {
+    const secrets = await this.secretsManager?.getAll();
+    const webhookSharedSecret = secrets?.['webhookSharedSecret'];
+
+    if (secrets && webhookSharedSecret) {
+      headers = {
+        ...headers,
+        'X-HMAC-Signature': sign({ payload, key: webhookSharedSecret }),
+      };
+    }
+
+    const headersEntries = await Promise.all(
+      Object.entries(headers).map(async header => [
+        header[0],
+        // eslint-disable-next-line @typescript-eslint/no-unsafe-argument
+        await this.replaceValuePlaceholders(header[1], context),
+      ]),
+    );
+
+    return Object.fromEntries(headersEntries);
+  }
 }