pub struct Webhooks { /* private fields */ }Expand description
Verifies webhook signatures against a shared secret.
Implementations§
Source§impl Webhooks
impl Webhooks
Sourcepub fn new(secret: &str) -> Result<Self, WebhookVerificationError>
pub fn new(secret: &str) -> Result<Self, WebhookVerificationError>
Create a new verifier from a webhook secret.
If the secret starts with "whsec_", the remainder is base64-decoded
(standard alphabet) into the raw key bytes; otherwise the secret’s raw
bytes are used directly.
Divergence from webhooks.py: the Python SDK decodes the secret lazily
inside verify_signature; we decode eagerly here so an invalid
whsec_ secret is surfaced at construction time.
Sourcepub fn verify_signature(
&self,
payload: &[u8],
headers: &WebhookHeaders,
tolerance_secs: i64,
now_unix: i64,
) -> Result<(), WebhookVerificationError>
pub fn verify_signature( &self, payload: &[u8], headers: &WebhookHeaders, tolerance_secs: i64, now_unix: i64, ) -> Result<(), WebhookVerificationError>
Verify the signature of a webhook payload.
now_unix is the current time in Unix seconds (injected for testability;
see Webhooks::verify for a variant that reads the system clock).
tolerance_secs bounds how far in the past or future the webhook
timestamp may be (default DEFAULT_TOLERANCE_SECS).
Sourcepub fn verify(
&self,
payload: &[u8],
id: &str,
timestamp: &str,
signature_header: &str,
) -> Result<(), WebhookVerificationError>
pub fn verify( &self, payload: &[u8], id: &str, timestamp: &str, signature_header: &str, ) -> Result<(), WebhookVerificationError>
Convenience wrapper that reads the current system time and uses the default tolerance.
Sourcepub fn unwrap(
&self,
payload: &[u8],
headers: &WebhookHeaders,
) -> Result<WebhookEvent, WebhookVerificationError>
pub fn unwrap( &self, payload: &[u8], headers: &WebhookHeaders, ) -> Result<WebhookEvent, WebhookVerificationError>
Verify the payload and parse it into a WebhookEvent.
Divergence from the parent shorthand: verification requires the webhook
headers, so unwrap takes them explicitly (the Python unwrap(payload, headers, secret) does the same). Uses the system clock and default
tolerance.