(secret: string, signature: string, body: string)
| 104 | } |
| 105 | |
| 106 | function validateWhatsAppSignature(secret: string, signature: string, body: string): boolean { |
| 107 | try { |
| 108 | if (!signature.startsWith('sha256=')) { |
| 109 | logger.warn('WhatsApp signature has invalid format') |
| 110 | return false |
| 111 | } |
| 112 | |
| 113 | const providedSignature = signature.substring(7) |
| 114 | const computedSignature = hmacSha256Hex(body, secret) |
| 115 | |
| 116 | return safeCompare(computedSignature, providedSignature) |
| 117 | } catch (error) { |
| 118 | logger.error('Error validating WhatsApp signature:', error) |
| 119 | return false |
| 120 | } |
| 121 | } |
| 122 | |
| 123 | function buildWhatsAppIdempotencyKey(keys: Set<string>): string | null { |
| 124 | if (keys.size === 0) { |
no test coverage detected