class Attio::Util::WebhookSignature

def verify!(payload:, signature:, timestamp:, secret:, tolerance: TOLERANCE_SECONDS)

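Verifies the webhook signature. Any failure (input validation, the timestamp tolerance check, or a signature mismatch) is raised as SignatureVerificationError.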
# Verifies a webhook signature and raises when verification does not succeed.
#
# Steps, in order: validate the inputs, check the timestamp against the
# tolerance, compute the expected signature from payload, timestamp and
# secret, then compare it with the supplied signature. Every StandardError
# raised on the way (including the "Invalid signature" error raised here) is
# re-raised as SignatureVerificationError with a prefixed message, so the
# method fails closed and returns nil only when all checks pass.
#
# @param payload the webhook body handed to calculate_signature
#   NOTE(review): presumably this must be the raw request body exactly as
#   received, not a re-serialized parse of it; confirm against the caller.
# @param signature the signature supplied with the webhook
# @param timestamp the timestamp supplied with the webhook; it is checked for
#   freshness and also fed into the expected signature
# @param secret the shared secret used to compute the expected signature
# @param tolerance passed to verify_timestamp!; defaults to TOLERANCE_SECONDS
# @return [nil] when verification succeeds
# @raise [SignatureVerificationError] on any failure
def verify!(payload:, signature:, timestamp:, secret:, tolerance: TOLERANCE_SECONDS)
  validate_inputs!(payload, signature, timestamp, secret)

  # Replay protection: the timestamp is checked before any signature work.
  verify_timestamp!(timestamp, tolerance)

  expected = calculate_signature(payload, timestamp, secret)

  # secure_compare is used instead of == so the comparison does not leak, via
  # timing, how much of the signature matched.
  matches = secure_compare(signature, expected)
  raise SignatureVerificationError, "Invalid signature" unless matches
rescue => error
  # NOTE(review): the underlying message is embedded in the new error; callers
  # that answer the webhook sender should log it rather than echo it back.
  raise SignatureVerificationError, "Webhook signature verification failed: #{error.message}"
end