v0.9.2

What's Changed

• rename finalBlocksOnly by @DenisCarriere in #27

Full Changelog: v0.9.1...v0.9.2

v0.9.1

• remove pm2 from start

v0.9.0

• improve cursor handling on restart or error
• improve logging
• add pm2 to start

v0.8.6

What's Changed

• fix schemas export by @DenisCarriere in #23
• make --private-key optional by @DenisCarriere in #24

Full Changelog: v0.8.4...v0.8.6

v0.8.4

• fix: allow TweetNaCl private key format
• fix: if DISABLE_SIGNATURE=true don't check if private key exists
• export schemas

import { ManifestSchema } from "substreams-sink-webhook/schemas"

What's Changed

• Improve keypair handling by @DenisCarriere in #22
• export schemas cfc2b81

Full Changelog: v0.8.0...v0.8.4

v0.8.0

Performance increase

A significant improvement replacing tweetnacl with @noble/curves

• sign: 6.5x faster
• verify: 2.5x faster

What's Breaking?

• Rename env SECRET_KEY => PRIVATE_KEY
• Secret key is 64 char length (using @noble/curves ) long instead of 128 (using tweetnacl)
• Remove cached sign
• Signature the same as Discord Authorization
  • https://discord.com/developers/docs/interactions/receiving-and-responding#security-and-authorization

What's new?

• update substreams-sink
  • improved inactivity handling
• add new webhook CLI flags
  • disablePing
  • disableSignature
  • maximumAttempt
• Add more test cases for sign & verify
• add /keypair as HTTP endpoint

Tweetnacl

const nacl = require("tweetnacl");

// Your public key can be found on your application in the Developer Portal
const PUBLIC_KEY = "APPLICATION_PUBLIC_KEY";

const signature = req.get("X-Signature-Ed25519");
const timestamp = req.get("X-Signature-Timestamp");
const body = req.rawBody; // rawBody is expected to be a string, not raw bytes

const isVerified = nacl.sign.detached.verify(
    Buffer.from(timestamp + body),
    Buffer.from(signature, "hex"),
    Buffer.from(PUBLIC_KEY, "hex")
);

if (!isVerified) {
    return res.status(401).end("invalid request signature");
}

@noble/curves

import { ed25519 } from "@noble/curves/ed25519.js";

// validate signature using public key
const isVerified = ed25519.verify(
  signature,
  Buffer.from(timestamp + body),
  PUBLIC_KEY,
);

.env

# Webhook
PRIVATE_KEY=<Ed25519 Private Key>
WEBHOOK_URL=http://127.0.0.1:3000
PORT=9102

# Get Substreams API Key
# https://app.pinax.network
# https://app.streamingfast.io/
SUBSTREAMS_API_KEY=<Substreams API Token @ https://pinax.network>
SUBSTREAMS_ENDPOINT=https://eth.substreams.pinax.network:443

# Substreams Package (*.spkg)
MANIFEST=https://github.com/pinax-network/substreams/releases/download/blocks-v0.1.0/blocks-v0.1.0.spkg
MODULE_NAME=map_blocks
START_BLOCK=-10
PRODUCTION_MODE=true

# Webhook (Optional)
DISABLE_PING=false
DISABLE_SIGNATURE=false
VERBOSE=true
MAXIMUM_ATTEMPTS=100

What's Changed

• Performance increase to sign & verify signature by @DenisCarriere in #20
• expose keypair as HTTP endpoint by @DenisCarriere in #21

New Contributors

• @DenisCarriere made their first contribution in #20

Full Changelog: v0.7.5...v0.8.0

v0.7.5

What's changed

• changed generic schemas to factories

v0.7.4

What's Changed

• Add database changes to body schema by @JulienR1 in #19

Full Changelog: v0.7.3...v0.7.4

v0.7.3

• bump release https://github.com/pinax-network/substreams-sink/releases/tag/v0.13.4

v0.7.2

• export BodySchema to substreams-sink-webhook/auth