54 lines
1.4 KiB
JavaScript
54 lines
1.4 KiB
JavaScript
import express from "express";
|
|
import crypto from "crypto";
|
|
|
|
const SERVER_PORT = 5080;
|
|
const OPENVIDU_MEET_API_KEY = "meet-api-key";
|
|
const MAX_WEBHOOK_AGE = 120 * 1000; // 2 minutes in milliseconds
|
|
|
|
const app = express();
|
|
app.use(express.json());
|
|
|
|
app.post("/webhook", (req, res) => {
|
|
const body = req.body;
|
|
const headers = req.headers;
|
|
|
|
if (!isWebhookEventValid(body, headers)) {
|
|
console.error("Invalid webhook signature");
|
|
return res.status(401).send("Invalid webhook signature");
|
|
}
|
|
|
|
console.log("Webhook received:", body);
|
|
res.status(200).send();
|
|
});
|
|
|
|
app.listen(SERVER_PORT, () =>
|
|
console.log("Webhook server listening on port " + SERVER_PORT)
|
|
);
|
|
|
|
function isWebhookEventValid(body, headers) {
|
|
const signature = headers["x-signature"];
|
|
const timestamp = parseInt(headers["x-timestamp"], 10);
|
|
|
|
if (!signature || !timestamp || isNaN(timestamp)) {
|
|
return false;
|
|
}
|
|
|
|
const current = Date.now();
|
|
const diffTime = current - timestamp;
|
|
if (diffTime >= MAX_WEBHOOK_AGE) {
|
|
// Webhook event too old
|
|
return false;
|
|
}
|
|
|
|
const signedPayload = `${timestamp}.${JSON.stringify(body)}`;
|
|
const expectedSignature = crypto
|
|
.createHmac("sha256", OPENVIDU_MEET_API_KEY)
|
|
.update(signedPayload, "utf8")
|
|
.digest("hex");
|
|
|
|
return crypto.timingSafeEqual(
|
|
Buffer.from(expectedSignature, "hex"),
|
|
Buffer.from(signature, "hex")
|
|
);
|
|
}
|