Function verify 

pub fn verify(body: &[u8], header: &str, secret: &str) -> bool

Verify that header is a valid Tango signature of body keyed by secret.

Returns false for absent, malformed, or mismatched headers — never panics. The comparison is constant-time via subtle::ConstantTimeEq on the decoded digest bytes, so a caller cannot probe a valid signature byte by byte using response-time differences.

Accepts both the canonical "sha256=<hex>" form and a bare hex string (legacy compatibility, mirroring the Node and Python SDKs).

Examples

use tango_webhooks::{generate, verify};

let body = b"payload";
let header = generate(body, "secret");
assert!(verify(body, &header, "secret"));
assert!(!verify(body, &header, "wrong-secret"));
assert!(!verify(b"tampered", &header, "secret"));
assert!(!verify(body, "", "secret"));
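
The header handling described above (both accepted forms, false on malformed input, comparison on decoded digest bytes), as an added std-only example that is not the tango_webhooks source. The names decode_signature, ct_eq and signature_matches are hypothetical, the 32-byte digest length and acceptance of uppercase hex are assumptions, and the expected digest is taken as an input instead of being computed from the body and secret.

```rust
/// Hypothetical helper: decode the header into 32 digest bytes.
/// Accepts "sha256=<hex>" or bare hex; any other shape yields None.
fn decode_signature(header: &str) -> Option<[u8; 32]> {
    let hex = header.strip_prefix("sha256=").unwrap_or(header).as_bytes();
    if hex.len() != 64 {
        return None; // absent, truncated or over-long header
    }
    let mut out = [0u8; 32];
    for (i, pair) in hex.chunks_exact(2).enumerate() {
        // to_digit returns None for any non-hex byte, which ends the decode.
        let hi = (pair[0] as char).to_digit(16)?;
        let lo = (pair[1] as char).to_digit(16)?;
        out[i] = ((hi << 4) | lo) as u8;
    }
    Some(out)
}

/// Compare with no early exit: accumulate the XOR of every byte pair.
/// Illustration only; production code should use subtle::ConstantTimeEq,
/// which adds optimization barriers on top of this pattern.
fn ct_eq(a: &[u8; 32], b: &[u8; 32]) -> bool {
    let mut diff = 0u8;
    for i in 0..32 {
        diff |= a[i] ^ b[i];
    }
    diff == 0
}

/// `expected` is the digest the receiver computed itself (assumed input).
/// Comparing decoded bytes, not hex text, makes letter case irrelevant.
fn signature_matches(header: &str, expected: &[u8; 32]) -> bool {
    match decode_signature(header) {
        Some(got) => ct_eq(&got, expected),
        None => false, // malformed input is a rejection, never a panic
    }
}

fn main() {
    let expected = [0xabu8; 32]; // constructed digest, not a real signature
    let hex = "ab".repeat(32);
    let headers = [format!("sha256={}", hex), hex.clone(), String::new(), "sha256=zz".to_string()];
    for header in headers.iter() {
        println!("{:?} -> {}", header, signature_matches(header, &expected));
    }
}
```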