(secret: string, signature: string, body: string)
| 7 | const logger = createLogger('WebhookProvider:Calcom') |
| 8 | |
| 9 | function validateCalcomSignature(secret: string, signature: string, body: string): boolean { |
| 10 | try { |
| 11 | if (!secret || !signature || !body) { |
| 12 | logger.warn('Cal.com signature validation missing required fields', { |
| 13 | hasSecret: !!secret, |
| 14 | hasSignature: !!signature, |
| 15 | hasBody: !!body, |
| 16 | }) |
| 17 | return false |
| 18 | } |
| 19 | let providedSignature: string |
| 20 | if (signature.startsWith('sha256=')) { |
| 21 | providedSignature = signature.substring(7) |
| 22 | } else { |
| 23 | providedSignature = signature |
| 24 | } |
| 25 | const computedHash = hmacSha256Hex(body, secret) |
| 26 | logger.debug('Cal.com signature comparison', { |
| 27 | computedSignature: `${computedHash.substring(0, 10)}...`, |
| 28 | providedSignature: `${providedSignature.substring(0, 10)}...`, |
| 29 | computedLength: computedHash.length, |
| 30 | providedLength: providedSignature.length, |
| 31 | match: computedHash === providedSignature, |
| 32 | }) |
| 33 | return safeCompare(computedHash, providedSignature) |
| 34 | } catch (error) { |
| 35 | logger.error('Error validating Cal.com signature:', error) |
| 36 | return false |
| 37 | } |
| 38 | } |
| 39 | |
| 40 | export const calcomHandler: WebhookProviderHandler = { |
| 41 | verifyAuth: createHmacVerifier({ |
nothing calls this directly
no test coverage detected