"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.computeWebhookSignature = computeWebhookSignature; exports.verifyWebhookSignature = verifyWebhookSignature; const crypto_1 = require("crypto"); function computeWebhookSignature(secret, payload, algorithm = 'sha256', encoding = 'hex') { return (0, crypto_1.createHmac)(algorithm, secret).update(payload, 'utf8').digest(encoding); } function verifyWebhookSignature(options) { const { secret, payload, signature, algorithm = 'sha256', encoding = 'hex' } = options; if (!secret || !signature) return false; const expected = computeWebhookSignature(secret, payload, algorithm, encoding); const provided = signature.startsWith('sha256=') || signature.startsWith('sha512=') ? signature.split('=')[1] ?? '' : signature; try { const a = Buffer.from(expected, encoding); const b = Buffer.from(provided, encoding); if (a.length !== b.length) return false; return (0, crypto_1.timingSafeEqual)(a, b); } catch { return false; } }