Files
smom-dbis-138/packages/integration-foundation/dist/webhooks/verifySignature.js

28 lines
1.1 KiB
JavaScript
Raw Normal View History

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.computeWebhookSignature = computeWebhookSignature;
exports.verifyWebhookSignature = verifyWebhookSignature;
const crypto_1 = require("crypto");
function computeWebhookSignature(secret, payload, algorithm = 'sha256', encoding = 'hex') {
return (0, crypto_1.createHmac)(algorithm, secret).update(payload, 'utf8').digest(encoding);
}
function verifyWebhookSignature(options) {
const { secret, payload, signature, algorithm = 'sha256', encoding = 'hex' } = options;
if (!secret || !signature)
return false;
const expected = computeWebhookSignature(secret, payload, algorithm, encoding);
const provided = signature.startsWith('sha256=') || signature.startsWith('sha512=')
? signature.split('=')[1] ?? ''
: signature;
try {
const a = Buffer.from(expected, encoding);
const b = Buffer.from(provided, encoding);
if (a.length !== b.length)
return false;
return (0, crypto_1.timingSafeEqual)(a, b);
}
catch {
return false;
}
}