View Source TalkJS.Webhook (talkjs v0.1.0)
This module provides a function for verifying webhook signatures.
See https://hexdocs.pm/plug/Plug.Parsers.html#module-custom-body-reader on how to read the raw request body in a Plug pipeline.
Summary
Functions
Verify the signature of a webhook request.
Functions
Link to this function
verify(received_signature, raw_post_body, timestamp, secret_key, opts \\ [])
View Source@spec verify( received_signature :: String.t(), raw_post_body :: String.t(), timestamp :: integer(), secret_key :: String.t(), opts :: Keyword.t() ) :: :ok | {:error, term()}
Verify the signature of a webhook request.
Options
:now
- Timestamp in milliseconds. Defaults toSystem.system_time(:millisecond)
:tolerance
- Tolerance in seconds. Defaults to 300 seconds.
Examples
iex> TalkJS.Webhook.verify("B7A1EEE018DD10159EADFF74E7E324DFCD5600F35D4744F440B892507724DBA0", raw_body(), 1663417005267, "sk_abc", [now: 1663417005268])
:ok
iex> TalkJS.Webhook.verify("B7A1EEE018DD10159EADFF74E7E324DFCD5600F35D4744F440B892507724DBA0", raw_body(), 1663417005267, "sk_abc", [now: 1603417005268])
{:error, "Timestamp outside the tolerance zone"}
iex> TalkJS.Webhook.verify("bogus", raw_body(), 1663417005267, "sk_abc", [now: 1663417005268])
{:error, "Signature did not match expected signature"}