docs: use bytes[] input for Webhook signature validation, use better syntax

ilfa · ilfa · commit d4ea26857744 · 2024-08-26T16:51:43.000+02:00
diff --git a/README.md b/README.md
@@ -242,24 +242,23 @@ This SDK provides utility method for verifying the HMAC signature of the incomin
 class WebhookController {
 
     @PostMapping("/api/webhook")
-    @ResponseBody
-    public ResponseEntity<String> webhookHandler(@RequestBody String webhook, @RequestHeader HttpHeaders headers) {
+    public ResponseEntity<String> webhookHandler(@RequestBody byte[] webhook, @RequestHeader HttpHeaders headers) {
         final String secret = System.getenv("WEBHOOK_SIGNATURE_SECRET");
         if (secret == null || secret.isEmpty()) {
-            return new ResponseEntity<String>("Secret key is not configured", HttpStatus.INTERNAL_SERVER_ERROR);
+            return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body("Secret key is not configured");
         }
 
         final String signature = headers.getFirst("fpjs-event-signature");
         if (signature == null || signature.isEmpty()) {
-            return new ResponseEntity<String>("Missing fpjs-event-signature header", HttpStatus.BAD_REQUEST);
+            return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Missing fpjs-event-signature header");
         }
 
-        final boolean isValidSignature = Webhook.isValidWebhookSignature(signature, webhook.getBytes(StandardCharsets.UTF_8), secret);
+        final boolean isValidSignature = Webhook.isValidWebhookSignature(signature, webhook, secret);
         if (!isValidSignature) {
-            return new ResponseEntity<String>("Webhook signature is not valid", HttpStatus.BAD_REQUEST);
+            return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Webhook signature is not valid");
         }
 
-        return new ResponseEntity<String>("Webhook received", HttpStatus.OK);
+        return ResponseEntity.ok("Webhook received");
     }
 }
 ```
diff --git a/template/README.mustache b/template/README.mustache
@@ -269,24 +269,23 @@ This SDK provides utility method for verifying the HMAC signature of the incomin
 class WebhookController {
 
     @PostMapping("/api/webhook")
-    @ResponseBody
-    public ResponseEntity<String> webhookHandler(@RequestBody String webhook, @RequestHeader HttpHeaders headers) {
+    public ResponseEntity<String> webhookHandler(@RequestBody byte[] webhook, @RequestHeader HttpHeaders headers) {
         final String secret = System.getenv("WEBHOOK_SIGNATURE_SECRET");
         if (secret == null || secret.isEmpty()) {
-            return new ResponseEntity<String>("Secret key is not configured", HttpStatus.INTERNAL_SERVER_ERROR);
+            return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body("Secret key is not configured");
         }
 
         final String signature = headers.getFirst("fpjs-event-signature");
         if (signature == null || signature.isEmpty()) {
-            return new ResponseEntity<String>("Missing fpjs-event-signature header", HttpStatus.BAD_REQUEST);
+            return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Missing fpjs-event-signature header");
         }
 
-        final boolean isValidSignature = Webhook.isValidWebhookSignature(signature, webhook.getBytes(StandardCharsets.UTF_8), secret);
+        final boolean isValidSignature = Webhook.isValidWebhookSignature(signature, webhook, secret);
         if (!isValidSignature) {
-            return new ResponseEntity<String>("Webhook signature is not valid", HttpStatus.BAD_REQUEST);
+            return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Webhook signature is not valid");
         }
 
-        return new ResponseEntity<String>("Webhook received", HttpStatus.OK);
+        return ResponseEntity.ok("Webhook received");
     }
 }
 ```

Original file line number	Diff line number	Diff line change
`@@ -242,24 +242,23 @@ This SDK provides utility method for verifying the HMAC signature of the incomin`
`242`	`242`	`class WebhookController {`
`243`	`243`
`244`	`244`	`@PostMapping("/api/webhook")`
`245`		`- @ResponseBody`
`246`		`- public ResponseEntity<String> webhookHandler(@RequestBody String webhook, @RequestHeader HttpHeaders headers) {`
	`245`	`+ public ResponseEntity<String> webhookHandler(@RequestBody byte[] webhook, @RequestHeader HttpHeaders headers) {`
`247`	`246`	`final String secret = System.getenv("WEBHOOK_SIGNATURE_SECRET");`
`248`	`247`	`if (secret == null \|\| secret.isEmpty()) {`
`249`		`- return new ResponseEntity<String>("Secret key is not configured", HttpStatus.INTERNAL_SERVER_ERROR);`
	`248`	`+ return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body("Secret key is not configured");`
`250`	`249`	`}`
`251`	`250`
`252`	`251`	`final String signature = headers.getFirst("fpjs-event-signature");`
`253`	`252`	`if (signature == null \|\| signature.isEmpty()) {`
`254`		`- return new ResponseEntity<String>("Missing fpjs-event-signature header", HttpStatus.BAD_REQUEST);`
	`253`	`+ return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Missing fpjs-event-signature header");`
`255`	`254`	`}`
`256`	`255`
`257`		`- final boolean isValidSignature = Webhook.isValidWebhookSignature(signature, webhook.getBytes(StandardCharsets.UTF_8), secret);`
	`256`	`+ final boolean isValidSignature = Webhook.isValidWebhookSignature(signature, webhook, secret);`
`258`	`257`	`if (!isValidSignature) {`
`259`		`- return new ResponseEntity<String>("Webhook signature is not valid", HttpStatus.BAD_REQUEST);`
	`258`	`+ return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Webhook signature is not valid");`
`260`	`259`	`}`
`261`	`260`
`262`		`- return new ResponseEntity<String>("Webhook received", HttpStatus.OK);`
	`261`	`+ return ResponseEntity.ok("Webhook received");`
`263`	`262`	`}`
`264`	`263`	`}`
`265`	`264`	```
Original file line number	Diff line number	Diff line change
`@@ -269,24 +269,23 @@ This SDK provides utility method for verifying the HMAC signature of the incomin`
`269`	`269`	`class WebhookController {`
`270`	`270`
`271`	`271`	`@PostMapping("/api/webhook")`
`272`		`- @ResponseBody`
`273`		`- public ResponseEntity<String> webhookHandler(@RequestBody String webhook, @RequestHeader HttpHeaders headers) {`
	`272`	`+ public ResponseEntity<String> webhookHandler(@RequestBody byte[] webhook, @RequestHeader HttpHeaders headers) {`
`274`	`273`	`final String secret = System.getenv("WEBHOOK_SIGNATURE_SECRET");`
`275`	`274`	`if (secret == null \|\| secret.isEmpty()) {`
`276`		`- return new ResponseEntity<String>("Secret key is not configured", HttpStatus.INTERNAL_SERVER_ERROR);`
	`275`	`+ return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body("Secret key is not configured");`
`277`	`276`	`}`
`278`	`277`
`279`	`278`	`final String signature = headers.getFirst("fpjs-event-signature");`
`280`	`279`	`if (signature == null \|\| signature.isEmpty()) {`
`281`		`- return new ResponseEntity<String>("Missing fpjs-event-signature header", HttpStatus.BAD_REQUEST);`
	`280`	`+ return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Missing fpjs-event-signature header");`
`282`	`281`	`}`
`283`	`282`
`284`		`- final boolean isValidSignature = Webhook.isValidWebhookSignature(signature, webhook.getBytes(StandardCharsets.UTF_8), secret);`
	`283`	`+ final boolean isValidSignature = Webhook.isValidWebhookSignature(signature, webhook, secret);`
`285`	`284`	`if (!isValidSignature) {`
`286`		`- return new ResponseEntity<String>("Webhook signature is not valid", HttpStatus.BAD_REQUEST);`
	`285`	`+ return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Webhook signature is not valid");`
`287`	`286`	`}`
`288`	`287`
`289`		`- return new ResponseEntity<String>("Webhook received", HttpStatus.OK);`
	`288`	`+ return ResponseEntity.ok("Webhook received");`
`290`	`289`	`}`
`291`	`290`	`}`
`292`	`291`	```