{
  "version": 3,
  "sources": ["../dist-src/index.js", "../dist-src/node/sign.js", "../dist-src/types.js", "../dist-src/version.js", "../dist-src/node/verify.js", "../dist-src/utils.js"],
  "sourcesContent": ["import { sign } from \"./node/sign\";\nimport { verify } from \"./node/verify\";\nasync function verifyWithFallback(secret, payload, signature, additionalSecrets) {\n  const firstPass = await verify(secret, payload, signature);\n  if (firstPass) {\n    return true;\n  }\n  if (additionalSecrets !== void 0) {\n    for (const s of additionalSecrets) {\n      const v = await verify(s, payload, signature);\n      if (v) {\n        return v;\n      }\n    }\n  }\n  return false;\n}\nexport {\n  sign,\n  verify,\n  verifyWithFallback\n};\n", "import { createHmac } from \"crypto\";\nimport { Algorithm } from \"../types\";\nimport { VERSION } from \"../version\";\nasync function sign(options, payload) {\n  const { secret, algorithm } = typeof options === \"object\" ? {\n    secret: options.secret,\n    algorithm: options.algorithm || Algorithm.SHA256\n  } : { secret: options, algorithm: Algorithm.SHA256 };\n  if (!secret || !payload) {\n    throw new TypeError(\n      \"[@octokit/webhooks-methods] secret & payload required for sign()\"\n    );\n  }\n  if (!Object.values(Algorithm).includes(algorithm)) {\n    throw new TypeError(\n      `[@octokit/webhooks] Algorithm ${algorithm} is not supported. Must be  'sha1' or 'sha256'`\n    );\n  }\n  return `${algorithm}=${createHmac(algorithm, secret).update(payload).digest(\"hex\")}`;\n}\nsign.VERSION = VERSION;\nexport {\n  sign\n};\n", "var Algorithm = /* @__PURE__ */ ((Algorithm2) => {\n  Algorithm2[\"SHA1\"] = \"sha1\";\n  Algorithm2[\"SHA256\"] = \"sha256\";\n  return Algorithm2;\n})(Algorithm || {});\nexport {\n  Algorithm\n};\n", "const VERSION = \"4.0.0\";\nexport {\n  VERSION\n};\n", "import { timingSafeEqual } from \"crypto\";\nimport { Buffer } from \"buffer\";\nimport { sign } from \"./sign\";\nimport { VERSION } from \"../version\";\nimport { getAlgorithm } from \"../utils\";\nasync function verify(secret, eventPayload, signature) {\n  if (!secret || !eventPayload || !signature) {\n    throw new TypeError(\n      \"[@octokit/webhooks-methods] secret, eventPayload & signature required\"\n    );\n  }\n  const signatureBuffer = Buffer.from(signature);\n  const algorithm = getAlgorithm(signature);\n  const verificationBuffer = Buffer.from(\n    await sign({ secret, algorithm }, eventPayload)\n  );\n  if (signatureBuffer.length !== verificationBuffer.length) {\n    return false;\n  }\n  return timingSafeEqual(signatureBuffer, verificationBuffer);\n}\nverify.VERSION = VERSION;\nexport {\n  verify\n};\n", "const getAlgorithm = (signature) => {\n  return signature.startsWith(\"sha256=\") ? \"sha256\" : \"sha1\";\n};\nexport {\n  getAlgorithm\n};\n"],
  "mappings": ";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,oBAA2B;;;ACA3B,IAAI,YAA6B,kBAAC,eAAe;AAC/C,aAAW,MAAM,IAAI;AACrB,aAAW,QAAQ,IAAI;AACvB,SAAO;AACT,GAAG,aAAa,CAAC,CAAC;;;ACJlB,IAAM,UAAU;;;AFGhB,eAAe,KAAK,SAAS,SAAS;AACpC,QAAM,EAAE,QAAQ,UAAU,IAAI,OAAO,YAAY,WAAW;AAAA,IAC1D,QAAQ,QAAQ;AAAA,IAChB,WAAW,QAAQ,aAAa,UAAU;AAAA,EAC5C,IAAI,EAAE,QAAQ,SAAS,WAAW,UAAU,OAAO;AACnD,MAAI,CAAC,UAAU,CAAC,SAAS;AACvB,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACA,MAAI,CAAC,OAAO,OAAO,SAAS,EAAE,SAAS,SAAS,GAAG;AACjD,UAAM,IAAI;AAAA,MACR,iCAAiC;AAAA,IACnC;AAAA,EACF;AACA,SAAO,GAAG,iBAAa,0BAAW,WAAW,MAAM,EAAE,OAAO,OAAO,EAAE,OAAO,KAAK;AACnF;AACA,KAAK,UAAU;;;AGpBf,IAAAA,iBAAgC;AAChC,oBAAuB;;;ACDvB,IAAM,eAAe,CAAC,cAAc;AAClC,SAAO,UAAU,WAAW,SAAS,IAAI,WAAW;AACtD;;;ADGA,eAAe,OAAO,QAAQ,cAAc,WAAW;AACrD,MAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC,WAAW;AAC1C,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACA,QAAM,kBAAkB,qBAAO,KAAK,SAAS;AAC7C,QAAM,YAAY,aAAa,SAAS;AACxC,QAAM,qBAAqB,qBAAO;AAAA,IAChC,MAAM,KAAK,EAAE,QAAQ,UAAU,GAAG,YAAY;AAAA,EAChD;AACA,MAAI,gBAAgB,WAAW,mBAAmB,QAAQ;AACxD,WAAO;AAAA,EACT;AACA,aAAO,gCAAgB,iBAAiB,kBAAkB;AAC5D;AACA,OAAO,UAAU;;;AJnBjB,eAAe,mBAAmB,QAAQ,SAAS,WAAW,mBAAmB;AAC/E,QAAM,YAAY,MAAM,OAAO,QAAQ,SAAS,SAAS;AACzD,MAAI,WAAW;AACb,WAAO;AAAA,EACT;AACA,MAAI,sBAAsB,QAAQ;AAChC,eAAW,KAAK,mBAAmB;AACjC,YAAM,IAAI,MAAM,OAAO,GAAG,SAAS,SAAS;AAC5C,UAAI,GAAG;AACL,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;",
  "names": ["import_crypto"]
}