* Stripe-style signature: HMAC-SHA256 over `${unixSeconds}.${body}` rendered as * `t= ,v1= `. Verifiers reject stale timestamps (~5 min skew) * to block replay; we re-sign per attempt so long backoffs don't fall outside * that window.
(body: Buffer, secret: string, timestamp: number)
| 99 | * that window. |
| 100 | */ |
| 101 | function sign(body: Buffer, secret: string, timestamp: number): string { |
| 102 | const hmac = createHmac('sha256', secret).update(`${timestamp}.`).update(body).digest('hex') |
| 103 | return `t=${timestamp},${SIGNATURE_VERSION}=${hmac}` |
| 104 | } |
| 105 | |
| 106 | function isRetryableStatus(status: number): boolean { |
| 107 | return status === 408 || status === 429 || status >= 500 |