1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
//! # modo::webhook
//!
//! Outbound webhook delivery following the
//! [Standard Webhooks](https://www.standardwebhooks.com/) specification.
//!
//! Provides signed outbound HTTP POST requests using HMAC-SHA256,
//! plus verification helpers for incoming webhook requests.
//!
//! # Provides
//!
//! | Type | Purpose |
//! |------|---------|
//! | [`WebhookSender`] | Signs and delivers webhook payloads via HTTP POST. Clone-cheap (`Arc` inside). |
//! | [`WebhookSecret`] | HMAC-SHA256 signing key. Serialized as `whsec_<base64>`. `Debug` output is redacted. |
//! | [`WebhookResponse`] | HTTP status code and body bytes returned by the endpoint. |
//! | [`SignedHeaders`] | The three Standard Webhooks request headers produced by [`sign_headers()`]. |
//! | [`sign()`] | Compute a raw HMAC-SHA256 signature (base64-encoded). |
//! | [`verify()`] | Verify a raw HMAC-SHA256 signature with constant-time comparison. |
//! | [`sign_headers()`] | Build the three Standard Webhooks headers from id, timestamp, body, and secrets. |
//! | [`verify_headers()`] | Verify incoming Standard Webhooks headers with replay-attack protection. |
//!
//! # Quick start
//!
//! ```
//! use modo::webhook::{WebhookSender, WebhookSecret};
//!
//! # async fn example() -> modo::Result<()> {
//! let sender = WebhookSender::default_client();
//! let secret: WebhookSecret = "whsec_dGVzdC1rZXktYnl0ZXM=".parse()?;
//!
//! let response = sender.send(
//! "https://example.com/webhooks",
//! "msg_01HXYZ",
//! b"{\"event\":\"user.created\"}",
//! &[&secret],
//! ).await?;
//!
//! println!("endpoint returned {}", response.status);
//! # Ok(())
//! # }
//! ```
pub use WebhookResponse;
pub use WebhookSecret;
pub use WebhookSender;
pub use ;