* Validates a Notion webhook signature using HMAC SHA-256. * Notion sends X-Notion-Signature as "sha256= ".
(secret: string, signature: string, body: string)
| 17 | * Notion sends X-Notion-Signature as "sha256=<hex>". |
| 18 | */ |
| 19 | function validateNotionSignature(secret: string, signature: string, body: string): boolean { |
| 20 | try { |
| 21 | if (!secret || !signature || !body) { |
| 22 | logger.warn('Notion signature validation missing required fields', { |
| 23 | hasSecret: !!secret, |
| 24 | hasSignature: !!signature, |
| 25 | hasBody: !!body, |
| 26 | }) |
| 27 | return false |
| 28 | } |
| 29 | |
| 30 | const providedHash = signature.startsWith('sha256=') ? signature.slice(7) : signature |
| 31 | const computedHash = hmacSha256Hex(body, secret) |
| 32 | |
| 33 | logger.debug('Notion signature comparison', { |
| 34 | computedSignature: `${computedHash.substring(0, 10)}...`, |
| 35 | providedSignature: `${providedHash.substring(0, 10)}...`, |
| 36 | computedLength: computedHash.length, |
| 37 | providedLength: providedHash.length, |
| 38 | match: computedHash === providedHash, |
| 39 | }) |
| 40 | |
| 41 | return safeCompare(computedHash, providedHash) |
| 42 | } catch (error) { |
| 43 | logger.error('Error validating Notion signature:', error) |
| 44 | return false |
| 45 | } |
| 46 | } |
| 47 | |
| 48 | export const notionHandler: WebhookProviderHandler = { |
| 49 | verifyAuth: createHmacVerifier({ |
nothing calls this directly
no test coverage detected