module GitHub.Data.Webhooks.Validate (
isValidPayload
) where
import GitHub.Internal.Prelude
import Prelude ()
import Crypto.Hash (HMAC, SHA1, hmac, hmacGetDigest)
import Data.Byteable (constEqBytes, toBytes)
import Data.ByteString (ByteString)
import qualified Data.ByteString.Base16 as Hex
import qualified Data.Text.Encoding as TE
-- | Check a webhook body against the signature value that was sent with it.
--
-- The expected value is the literal prefix @sha1=@ followed by the
-- lowercase-hex HMAC-SHA1 of the payload, keyed with the UTF-8 encoding of
-- the secret. The result is 'False' when no signature was supplied or when
-- the supplied one differs from the expected value.
--
-- Security notes:
--
-- * The comparison uses 'constEqBytes' instead of '==', so the time taken
--   does not reveal how many leading bytes of the signature matched.
-- * @payload@ must be the raw request body exactly as received; a decoded
--   and re-serialised JSON value will generally not verify.
-- * Only the @sha1=@ form is recognised. A @sha256=@ value (GitHub's
--   @X-Hub-Signature-256@ header) or an upper-case hex digest never matches.
-- * An empty secret is used as the HMAC key like any other value; callers
--   should refuse to run with an unset or empty secret before calling this.
isValidPayload
  :: Text        -- ^ shared webhook secret
  -> Maybe Text  -- ^ signature supplied by the sender, including the
                 -- @sha1=@ prefix, if one was sent at all
  -> ByteString  -- ^ request body bytes
  -> Bool
isValidPayload secret shaOpt payload =
  case shaOpt of
    -- A request without a signature is never treated as valid.
    Nothing -> False
    Just given -> constEqBytes expected (TE.encodeUtf8 given)
  where
    key = TE.encodeUtf8 secret
    mac = hmac key payload :: HMAC SHA1
    -- Built in the same textual form the sender uses, so the two byte
    -- strings can be compared directly.
    expected = "sha1=" <> Hex.encode (toBytes (hmacGetDigest mac))