Verify inbound webhook signatures and build control-mode reply bodies.
Everything here is local — no network call. verify_webhook/4 is an HMAC-SHA256
check over the raw request body; the reply_* helpers return the exact JSON
strings a webhook handler returns to acknowledge or control an event.
Summary
Functions
Tell MailKite to block the sender: {"status":"ok","actions":[{"type":"block-sender"}]}.
Tell MailKite to drop (discard) the message: {"status":"drop"}.
Acknowledge an event: the JSON string {"status":"ok"}.
Tell MailKite to mark the message as spam: {"status":"spam"}.
Report whether signature (the x-mailkite-signature header, t=…,v1=…) is
valid for payload (the raw, unparsed request body) under secret.
Functions
@spec reply_block_sender() :: String.t()
Tell MailKite to block the sender: {"status":"ok","actions":[{"type":"block-sender"}]}.
@spec reply_drop() :: String.t()
Tell MailKite to drop (discard) the message: {"status":"drop"}.
@spec reply_ok() :: String.t()
Acknowledge an event: the JSON string {"status":"ok"}.
@spec reply_spam() :: String.t()
Tell MailKite to mark the message as spam: {"status":"spam"}.
Report whether signature (the x-mailkite-signature header, t=…,v1=…) is
valid for payload (the raw, unparsed request body) under secret.
Rejects events older than tolerance_ms milliseconds (default 5 minutes) to
block replays; pass 0 to disable the freshness check. Uses a constant-time
comparison.