github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-10 12:14:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

line: centralize webhook signature validation

Browse Source
This commit is contained in:
Shadow
2026-01-26 19:10:11 -06:00
committed by Shadow
parent 3b8792ee29
commit e0dc49f287
4 changed files with 48 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
src/line/signature.test.ts Normal file
View File

@@ -0,0 +1,27 @@
import crypto from "node:crypto";
import { describe, expect, it } from "vitest";
import { validateLineSignature } from "./signature.js";
const sign = (body: string, secret: string) =>
crypto.createHmac("SHA256", secret).update(body).digest("base64");
describe("validateLineSignature", () => {
it("accepts valid signatures", () => {
const secret = "secret";
const rawBody = JSON.stringify({ events: [{ type: "message" }] });
expect(validateLineSignature(rawBody, sign(rawBody, secret), secret)).toBe(true);
});
it("rejects signatures computed with the wrong secret", () => {
const rawBody = JSON.stringify({ events: [{ type: "message" }] });
expect(validateLineSignature(rawBody, sign(rawBody, "wrong-secret"), "secret")).toBe(false);
});
it("rejects signatures with a different length", () => {
const rawBody = JSON.stringify({ events: [{ type: "message" }] });
expect(validateLineSignature(rawBody, "short", "secret")).toBe(false);
});
});