77 lines
1.6 KiB
Go
77 lines
1.6 KiB
Go
package main
|
|
|
|
import (
|
|
"crypto/hmac"
|
|
"crypto/sha256"
|
|
"crypto/subtle"
|
|
"encoding/hex"
|
|
"io"
|
|
"log"
|
|
"net/http"
|
|
"strconv"
|
|
"time"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
)
|
|
|
|
const (
|
|
serverPort = "5080"
|
|
maxWebhookAge = 120 * 1000 // 2 minutes in milliseconds
|
|
openviduMeetApiKey = "meet-api-key"
|
|
)
|
|
|
|
func main() {
|
|
router := gin.Default()
|
|
router.POST("/webhook", handleWebhook)
|
|
router.Run(":" + serverPort)
|
|
}
|
|
|
|
func handleWebhook(c *gin.Context) {
|
|
bodyBytes, err := io.ReadAll(c.Request.Body)
|
|
if err != nil {
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": "Failed to read request body"})
|
|
return
|
|
}
|
|
|
|
if !isWebhookEventValid(bodyBytes, c.Request.Header) {
|
|
log.Println("Invalid webhook signature")
|
|
c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid webhook signature"})
|
|
return
|
|
}
|
|
|
|
log.Println("Webhook received:", string(bodyBytes))
|
|
c.Status(http.StatusOK)
|
|
}
|
|
|
|
func isWebhookEventValid(bodyBytes []byte, headers http.Header) bool {
|
|
signature := headers.Get("x-signature")
|
|
tsStr := headers.Get("x-timestamp")
|
|
if signature == "" || tsStr == "" {
|
|
return false
|
|
}
|
|
|
|
timestamp, err := strconv.ParseInt(tsStr, 10, 64)
|
|
if err != nil {
|
|
return false
|
|
}
|
|
|
|
current := time.Now().UnixMilli()
|
|
diffTime := current - timestamp
|
|
if diffTime >= maxWebhookAge {
|
|
return false
|
|
}
|
|
|
|
signedPayload := tsStr + "." + string(bodyBytes)
|
|
|
|
mac := hmac.New(sha256.New, []byte(openviduMeetApiKey))
|
|
mac.Write([]byte(signedPayload))
|
|
expected := mac.Sum(nil)
|
|
|
|
actual, err := hex.DecodeString(signature)
|
|
if err != nil {
|
|
return false
|
|
}
|
|
|
|
return subtle.ConstantTimeCompare(expected, actual) == 1
|
|
}
|