27 lines
763 B
Go
27 lines
763 B
Go
package hyperswitch
|
|
|
|
import (
|
|
"crypto/hmac"
|
|
"crypto/sha512"
|
|
"encoding/hex"
|
|
"errors"
|
|
)
|
|
|
|
// VerifyWebhookSignature verifies the Hyperswitch webhook signature.
|
|
// Uses HMAC-SHA512 with the payload and secret (payment_response_hash_key).
|
|
// Header: x-webhook-signature-512
|
|
func VerifyWebhookSignature(payload []byte, signatureHeader, secret string) error {
|
|
if secret == "" {
|
|
return errors.New("webhook secret not configured")
|
|
}
|
|
if signatureHeader == "" {
|
|
return errors.New("missing x-webhook-signature-512 header")
|
|
}
|
|
mac := hmac.New(sha512.New, []byte(secret))
|
|
mac.Write(payload)
|
|
expected := hex.EncodeToString(mac.Sum(nil))
|
|
if !hmac.Equal([]byte(signatureHeader), []byte(expected)) {
|
|
return errors.New("invalid webhook signature")
|
|
}
|
|
return nil
|
|
}
|