-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathProgram.cs
More file actions
58 lines (44 loc) · 1.67 KB
/
Program.cs
File metadata and controls
58 lines (44 loc) · 1.67 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
using System.Security.Cryptography;
using System.Text;
var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();
const string HOOKDECK_SIGNATURE_HEADER = "X-Hookdeck-Signature";
const string HOOKDECK_WEBHOOK_SECRET_CONFIG_KEY = "inbound:HookdeckWebhookSecret";
string WEBHOOK_SECRET = builder.Configuration[HOOKDECK_WEBHOOK_SECRET_CONFIG_KEY] ?? string.Empty;
static bool VerifyHmacWebhookSignature(HttpContext context, string webhookSecret, string rawBody)
{
if(string.IsNullOrEmpty(webhookSecret))
{
Console.WriteLine("WARNING: Missing webhook secret. Skipping verification.");
return true;
}
string? hmacHeader = context.Request.Headers[HOOKDECK_SIGNATURE_HEADER].FirstOrDefault();
if (string.IsNullOrEmpty(hmacHeader))
{
Console.WriteLine("Missing HMAC headers");
return false;
}
HMACSHA256 hmac = new(Encoding.UTF8.GetBytes(webhookSecret));
string hash = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(rawBody)));
return hash.Equals(hmacHeader);
}
app.MapPost("/{**path}", async (string? path, HttpContext context) =>
{
using StreamReader reader = new StreamReader(context.Request.Body);
string rawBody = await reader.ReadToEndAsync();
bool verified = VerifyHmacWebhookSignature(context, WEBHOOK_SECRET, rawBody);
if(!verified)
{
return Results.Unauthorized();
}
Console.WriteLine(new
{
webhook_received = DateTime.UtcNow.ToString("o"),
body = rawBody
});
return Results.Json(new {
STATUS = "ACCEPTED"
});
});
app.UseRouting();
app.Run();