* Sentry signs webhooks with the Internal Integration's Client Secret using * HMAC-SHA256 over the raw request body, delivered in the * `sentry-hook-signature` header as a hex digest. * * @see https://docs.sentry.io/organization/integrations/integration-platform/webhooks/
(secret: string, signature: string, body: string)
| 19 | * @see https://docs.sentry.io/organization/integrations/integration-platform/webhooks/ |
| 20 | */ |
| 21 | function validateSentrySignature(secret: string, signature: string, body: string): boolean { |
| 22 | try { |
| 23 | if (!secret || !signature || !body) { |
| 24 | return false |
| 25 | } |
| 26 | const computedHash = hmacSha256Hex(body, secret) |
| 27 | return safeCompare(computedHash, signature) |
| 28 | } catch (error) { |
| 29 | logger.error('Error validating Sentry signature:', error) |
| 30 | return false |
| 31 | } |
| 32 | } |
| 33 | |
| 34 | /** Header carrying the resource type that triggered the webhook. */ |
| 35 | const SENTRY_RESOURCE_HEADER = 'sentry-hook-resource' |
nothing calls this directly
no test coverage detected