<?php
namespace Fingerprint\ServerAPI\Webhook;
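/**
 * Verifies the signature header sent with a Fingerprint webhook request.
 *
 * The header is read as a comma-separated list of `version=signature` items.
 * Only `v1` items are evaluated; each is compared against the hex-encoded
 * HMAC-SHA256 of the request body keyed with the webhook secret.
 */
final class WebhookVerifier
{
    /**
     * Checks whether the webhook signature header is valid for the given data and secret.
     *
     * The signature covers `$data` only. This method performs no timestamp or
     * replay check, so de-duplication of deliveries is left to the caller.
     *
     * @param string $header comma-separated list of versioned signatures
     * @param string $data   raw webhook request body, byte-for-byte as received
     *                       (a re-serialised copy of the JSON will not match)
     * @param string $secret webhook signing secret; an empty secret is rejected
     *
     * @return bool true when at least one `v1` item matches, false otherwise
     */
    public static function IsValidWebhookSignature(string $header, string $data, string $secret): bool
    {
        // Fail closed on a missing secret. An HMAC keyed with the empty string
        // can be computed by any sender, so a deployment whose secret was never
        // configured must not accept anything.
        if ('' === $secret) {
            return false;
        }

        foreach (explode(',', $header) as $item) {
            // Tolerate optional whitespace around list items, e.g. "v1=..., v1=...".
            $parts = explode('=', trim($item));

            // Skip malformed items and versions other than v1.
            if (2 !== count($parts) || 'v1' !== $parts[0]) {
                continue;
            }

            if (self::checkSignature($parts[1], $data, $secret)) {
                return true;
            }
        }

        return false;
    }

    /**
     * Compares the given signature against an HMAC-SHA256 hash of the data.
     *
     * @param string $signature hex signature taken from the request header
     * @param string $data      raw webhook request body
     * @param string $secret    webhook signing secret
     */
    private static function checkSignature(string $signature, string $data, string $secret): bool
    {
        // hash_hmac() returns lowercase hex, so an uppercase signature will not match.
        $expected = hash_hmac('sha256', $data, $secret);

        // hash_equals() is timing-safe; the locally computed value goes first
        // and the value supplied by the sender second.
        return hash_equals($expected, $signature);
    }
}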