livery_stripe_webhook (livery_stripe v0.1.0)


Verify and decode Stripe webhook events, the equivalent of stripe.Webhook.construct_event.

The signature lives in the Stripe-Signature header (t=<ts>,v1=<hex>[,v1=...]). We recompute HMAC-SHA256(secret, "<ts>.<raw_body>") and compare it, in constant time, against each v1. The timestamp must be within tolerance seconds (default 300) of now to defeat replay.

CRITICAL: pass the RAW request body bytes, exactly as received. Any re-encoding (decoding then re-serializing JSON) changes the bytes and the signature will not match.
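The check described above, written out as an added example (not livery_stripe's own source) so the raw-body and replay rules can be seen failing and passing. The module name, the secret, the payload and the timestamps are constructed; it returns ok instead of a decoded event, treats a missing or malformed header as invalid_signature, and checks the signature before the timestamp, all of which are assumptions.

```erlang
%% Added example, not livery_stripe source. Needs OTP 25+ (crypto:hash_equals/2).
-module(stripe_sig_example).
-export([verify/5, demo/0]).

%% HMAC-SHA256(secret, "<ts>.<raw_body>"), with <ts> taken verbatim from the header.
sign(Secret, TsBin, RawBody) ->
    crypto:mac(hmac, sha256, Secret, [TsBin, $., RawBody]).

verify(RawBody, Header, Secret, Tolerance, Now) when is_binary(Header) ->
    Pairs = [binary:split(P, <<"=">>) || P <- binary:split(Header, <<",">>, [global])],
    V1s = [V || [<<"v1">>, V] <- Pairs],
    case [T || [<<"t">>, T] <- Pairs] of
        [TsBin | _] ->
            try binary_to_integer(TsBin) of
                Ts -> check(sign(Secret, TsBin, RawBody), V1s, Ts, Tolerance, Now)
            catch
                error:badarg -> {error, invalid_signature}
            end;
        [] ->
            {error, invalid_signature}
    end;
verify(_RawBody, undefined, _Secret, _Tolerance, _Now) ->
    {error, invalid_signature}.

check(Mac, V1s, Ts, Tolerance, Now) ->
    Match = lists:any(fun(Hex) -> hex_equals(Mac, Hex) end, V1s),
    if
        not Match -> {error, invalid_signature};
        Tolerance > 0, abs(Now - Ts) > Tolerance -> {error, timestamp_out_of_tolerance};
        true -> ok
    end.

%% Decode the candidate first; hash_equals/2 raises badarg on unequal sizes.
hex_equals(Mac, Hex) ->
    try binary:decode_hex(Hex) of
        Bin when byte_size(Bin) =:= byte_size(Mac) -> crypto:hash_equals(Mac, Bin);
        _ -> false
    catch
        error:badarg -> false
    end.

demo() ->
    Secret = <<"whsec_constructed_example">>,            %% constructed secret
    Raw = <<"{\"id\": \"evt_constructed\", \"type\": \"ping\"}">>,
    Ts = <<"1700000000">>,
    Hex = binary:encode_hex(sign(Secret, Ts, Raw)),      %% decode_hex accepts either case
    Header = <<"t=", Ts/binary, ",v1=", Hex/binary>>,
    ok = verify(Raw, Header, Secret, 300, 1700000060),
    %% Same JSON value re-serialized without spaces: different bytes, signature fails.
    Reencoded = <<"{\"id\":\"evt_constructed\",\"type\":\"ping\"}">>,
    {error, invalid_signature} = verify(Reencoded, Header, Secret, 300, 1700000060),
    {error, timestamp_out_of_tolerance} = verify(Raw, Header, Secret, 300, 1700000660),
    ok = verify(Raw, Header, Secret, 0, 1700000660).     %% tolerance 0: check disabled
```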

Summary

Functions

Opts: tolerance (seconds, default 300; 0 disables the timestamp check) and now (unix seconds, for testing).

Types

error()

-type error() :: invalid_signature | invalid_payload | timestamp_out_of_tolerance.

Functions

construct_event(Payload, SigHeader, Secret)

-spec construct_event(iodata(), binary() | undefined, iodata()) -> {ok, map()} | {error, error()}.

construct_event(Payload, SigHeader, Secret, Opts)

-spec construct_event(iodata(), binary() | undefined, iodata(), map()) -> {ok, map()} | {error, error()}.

Opts: tolerance (seconds, default 300; 0 disables the timestamp check) and now (unix seconds, for testing).