* Verify webhook signature
(payload, signature, secret)
| 48 | * Verify webhook signature |
| 49 | */ |
| 50 | function verifySignature(payload, signature, secret) { |
| 51 | if (!signature) return false; |
| 52 | |
| 53 | const expectedSignature = crypto |
| 54 | .createHmac('sha256', secret) |
| 55 | .update(JSON.stringify(payload)) |
| 56 | .digest('hex'); |
| 57 | |
| 58 | return signature === expectedSignature; |
| 59 | } |
| 60 | |
| 61 | /** |
| 62 | * Main webhook endpoint |