punn
punn•2y ago

Will NodeJS runtime in http.ts be supported?

I'm doing request validation for webhooks and need to use some libraries in http.ts I can't pass the request to the action since Fetch API objects aren't supported datatypes
10 Replies
ballingt
ballingt•2y ago
It's up for consideration, helpful to hear this. If you don't mind sharing, what libraries are these you need? Curious if we could make them work in the Convex runtime.
ian
ian•2y ago
In case it's helpful, @Michal Srb just put out a post [1] and repo [2] on working with Stripe, that includes using their validation library from http headers: [1]: https://stack.convex.dev/stripe-with-convex [2]: https://github.com/get-convex/convex-stripe-demo
Wake up, you need to make money! (ft. Stripe)
If you’re building a full-stack app, chances are you’ll want some of your users to pay you for the service you provide. How to use Stripe with Convex ...
GitHub
GitHub - get-convex/convex-stripe-demo: Demo showing integration be...
Demo showing integration between Convex and Stripe - GitHub - get-convex/convex-stripe-demo: Demo showing integration between Convex and Stripe
Michal Srb
Michal Srb•2y ago
The problem @punn seems to have is that we cannot pass the Request object directly through, which is true. Similar to @ballingt I'd be curious to hear what are the libraries that don't work in our default runtime, and whether they really need the original Request object. As a workaround you might be able to pass the contents of the Request object (depending on your needs) and construct a new instance inside the Node action.
punn
punnOP•2y ago
Most libraries offer ways to manually verify, just gets a bit messy when we're using several different webhook providers/services. The workaround for manual verification is extracting the header values and passing them to the actions, which is what we're doing rn. Our app is currently using Stripe WHs and Clerk WHs which are provided by svix: https://docs.svix.com/receiving/verifying-payloads/how-manual I think one library I'd really like to use in http.ts is crypto Everything else is nice to have
Michal Srb
Michal Srb•2y ago
I see, so Swix takes the Headers object: const payload = wh.verify(payload, headers); You could pass it from your HTTP Action to your Node action like this: In your HTTP Action:
runAction(internal.foo.bar, {
headers: Object.fromEntries(request.header.entries())
})
runAction(internal.foo.bar, {
headers: Object.fromEntries(request.header.entries())
})
In your Node action:
export const bar = internalAction((ctx, args) => {
const payload = wh.verify(payload, new Headers(args.headers));
});
export const bar = internalAction((ctx, args) => {
const payload = wh.verify(payload, new Headers(args.headers));
});
That said making dependencies like crypto work in our environment is on the top of our priority list, and that should unblock stripe, swix and others to be used directly in HTTP Actions. Stay tuned!
punn
punnOP•2y ago
runAction(internal.foo.bar, {
headers: Object.fromEntries(request.header.entries())
})
runAction(internal.foo.bar, {
headers: Object.fromEntries(request.header.entries())
})
Unfortunately doesn't work because of field names that contain a - Resorted to this
let signedContent =
request.headers.get("svix-id") +
"." +
request.headers.get("svix-timestamp") +
".";
const signature = request.headers.get("svix-signature") as string;
const body = await request.json();
signedContent += JSON.stringify(body);
let signedContent =
request.headers.get("svix-id") +
"." +
request.headers.get("svix-timestamp") +
".";
const signature = request.headers.get("svix-signature") as string;
const body = await request.json();
signedContent += JSON.stringify(body);
ballingt
ballingt•2y ago
If all you're doing is the svix validation, I found I can do that in a webhook alright: https://github.com/thomasballinger/convex-clerk-users-table/blob/main/convex/http.ts#L78
GitHub
convex-clerk-users-table/convex/http.ts at main · thomasballinger/c...
Contribute to thomasballinger/convex-clerk-users-table development by creating an account on GitHub.
ian
ian•2y ago
Great news! fields with - work in 0.19.0, so your first approach works for me .entries() didn't typecheck for me, but it worked when I cast it as any, not sure the right way to make headers into a POJO 🤔
punn
punnOP•2y ago
ahh ill give it a shot, thanks! hmm interesting let me try that again after updating. thanks tom
charlie
charlie•14mo ago
I managed to get request.headers.entries() to typecheck by adding this at the top of my file:
/// <reference lib="dom.iterable" />
/// <reference lib="dom.iterable" />
This thread was super helpful, I went through basically the same problem -- verifying a signed webhook using a Node.js library

Did you find this page helpful?