Skip to content

Instantly share code, notes, and snippets.

@smiell
Created March 24, 2024 19:02
Show Gist options
  • Save smiell/a36dfbefc723bbca5ad2cb1bbbc7e0f7 to your computer and use it in GitHub Desktop.
Save smiell/a36dfbefc723bbca5ad2cb1bbbc7e0f7 to your computer and use it in GitHub Desktop.
private function IsWebhookTrusted($tallyKeyFromSettings, $receivedSignature, $payLoadBody) : bool {
// Obliczamy oczekiwany podpis HMAC na podstawie klucza Tally i payloadu
$payLoadBodyString = json_encode($payLoadBody);
$expectedSignature = hash_hmac('sha256', $payLoadBodyString, $tallyKeyFromSettings);
error_log("Hash coming from request: " . $receivedSignature);
error_log("Hash saved in settings: " . $tallyKeyFromSettings);
error_log("Result of cryptographic count: " . $expectedSignature);
// Result of comparison of the received hash with the desired one
$result = hash_equals($receivedSignature, $expectedSignature);
if( $result == true ) {
// Consistent comparison OK
error_log("Hash OK");
return true;
} else {
// The comparison is inconsistent NOT OK
error_log("Hash Invalid");
return false;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment