From 8843df9f4632db69a339ab611d17385dbadb7499 Mon Sep 17 00:00:00 2001 From: osaajani <> Date: Sat, 30 Jan 2021 11:24:14 +0100 Subject: [PATCH] simplify webhook signature --- controllers/internals/Webhook.php | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/controllers/internals/Webhook.php b/controllers/internals/Webhook.php index 5c40fce..6f2c59b 100644 --- a/controllers/internals/Webhook.php +++ b/controllers/internals/Webhook.php @@ -125,12 +125,18 @@ public function trigger(int $id_user, string $type, array $sms) foreach ($webhooks as $webhook) { $timestamp = time(); + $webhook_random_id = $timestamp . '-' . bin2hex(openssl_random_pseudo_bytes(16)); + + //signature is hexa string representing hmac sha256 of webhook_random_id + $webhook_signature = hash_hmac(self::HMAC_ALGO, $webhook_random_id, $user['api_key']); + $message = [ 'url' => $webhook['url'], 'data' => [ 'webhook_timestamp' => $timestamp, 'webhook_type' => $webhook['type'], - 'webhook_random_id' => $timestamp . '-' . bin2hex(openssl_random_pseudo_bytes(8)), + 'webhook_random_id' => $webhook_random_id, + 'webhook_signature' => $webhook_signature, 'id' => $sms['id'], 'at' => $sms['at'], 'text' => $sms['text'], @@ -139,10 +145,6 @@ public function trigger(int $id_user, string $type, array $sms) ], ]; - //signature is hexa string representing hmac sha256 of user_api_key::webhook_timestamp::webhook_random_id - $signature_clear = $user['api_key'] . '.' . $message['data']['webhook_timestamp'] . '.' . $message['data']['webhook_random_id']; - $message['data']['webhook_signature'] = hash_hmac(self::HMAC_ALGO, $signature_clear, $user['api_key']); - $error_code = null; $queue = msg_get_queue(QUEUE_ID_WEBHOOK); $success = msg_send($queue, QUEUE_TYPE_WEBHOOK, $message, true, true, $error_code);