Matiss/xarticleaudio
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

support provider-accurate X webhook signatures

Browse Source
This commit is contained in:
Codex
2026-02-18 15:29:29 +00:00
parent f672677d4f
commit fa5fa72615
4 changed files with 93 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
test/app.test.js
View File

@@ -3,7 +3,7 @@
const test = require("node:test");
const assert = require("node:assert/strict");
const { buildApp } = require("../src/app");
const { hmacSHA256Hex } = require("../src/lib/signature");
const { hmacSHA256Hex, hmacSHA256Base64 } = require("../src/lib/signature");
function getTestCookieValue(cookieHeader, name) {
const parts = String(cookieHeader || "").split(";").map((part) => part.trim());
@@ -698,6 +698,33 @@ test("X webhook invalid signature is rejected", async () => {
assert.equal(response.status, 401);
});
test("X webhook accepts x-twitter-webhooks-signature header", async () => {
const app = createApp();
await postJSONWebhook(app, "/api/webhooks/polar", { userId: "u1", credits: 4, eventId: "evt-twitter-sig" }, "polar-secret");
const payload = {
mentionPostId: "m-twitter-header",
callerUserId: "u1",
parentPost: {
id: "p1",
authorId: "author",
article: { id: "a1", title: "T", body: "body text" },
},
};
const rawBody = JSON.stringify(payload);
const signature = hmacSHA256Base64(rawBody, "x-secret");
const response = await call(app, {
method: "POST",
path: "/api/webhooks/x",
headers: { "x-twitter-webhooks-signature": `sha256=${signature}` },
body: rawBody,
});
assert.equal(response.status, 200);
assert.equal(JSON.parse(response.body).status, "completed");
});
test("X webhook valid flow processes article", async () => {
const app = createApp();

18
test/signature.test.js
View File

@@ -2,7 +2,7 @@
const test = require("node:test");
const assert = require("node:assert/strict");
const { hmacSHA256Hex, verifySignature } = require("../src/lib/signature");
const { hmacSHA256Hex, hmacSHA256Base64, verifySignature } = require("../src/lib/signature");
test("verifies valid signature", () => {
const payload = JSON.stringify({ hello: "world" });
@@ -31,3 +31,19 @@ test("rejects missing signature", () => {
assert.equal(verifySignature({ payload, secret, signature: "" }), false);
});
test("verifies valid base64 signature", () => {
const payload = JSON.stringify({ hello: "world" });
const secret = "topsecret";
const sig = hmacSHA256Base64(payload, secret);
assert.equal(
verifySignature({
payload,
secret,
signature: `sha256=${sig}`,
encoding: "base64",
}),
true,
);
});