add webhook

2025-10-16 12:05:36 +00:00 · 2021-03-03 17:11:51 +01:00 · 2021-03-03 17:11:51 +01:00 · bc81e833f0
commit bc81e833f0
parent 18db292e0a
2 changed files with 186 additions and 0 deletions
--- a/webhook.go
+++ b/webhook.go
@ -0,0 +1,91 @@
 package datatrans
 import (
 	"bytes"
 	"crypto/hmac"
 	"crypto/sha256"
 	"encoding/hex"
 	"errors"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"net/http"
 	"strings"
 )
 var (
 	ErrWebhookMissingSignature  = errors.New("malformed header Datatrans-Signature")
 	ErrWebhookMismatchSignature = errors.New("mismatch of Datatrans-Signature")
 )
 // https://api-reference.datatrans.ch/#section/Webhook/Webhook-signing
 type WebhookOption struct {
 	Sign2HMACKey string
 	ErrorHandler func(error) http.Handler
 }
 // ValidateWebhook an HTTP middleware which checks that the signature in the header is valid.
 func ValidateWebhook(wo WebhookOption) (func(next http.Handler) http.Handler, error) {
 	if wo.ErrorHandler == nil {
 		wo.ErrorHandler = func(err error) http.Handler {
 			return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 				http.Error(w, err.Error(), http.StatusInternalServerError)
 			})
 		}
 	}
 	key, err := hex.DecodeString(wo.Sign2HMACKey)
 	if err != nil {
 		return nil, fmt.Errorf("failed to hex decode Sign2HMACKey")
 	}
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			// Datatrans-Signature: t=1559303131511,s0=33819a1220fd8e38fc5bad3f57ef31095fac0deb38c001ba347e694f48ffe2fc
 			tm, s0 := extractTimeAndHash(r.Header.Get("Datatrans-Signature"))
 			if tm == "" || len(s0) == 0 {
 				wo.ErrorHandler(ErrWebhookMissingSignature).ServeHTTP(w, r)
 				return
 			}
 			hmv := hmac.New(sha256.New, key)
 			hmv.Write([]byte(tm))
 			var buf bytes.Buffer
 			if _, err := io.Copy(io.MultiWriter(&buf, hmv), r.Body); err != nil {
 				_ = r.Body.Close()
 				wo.ErrorHandler(errors.New("ValidateWebhook: copy failed")).ServeHTTP(w, r)
 				return
 			}
 			_ = r.Body.Close()
 			r.Body = ioutil.NopCloser(&buf)
 			if !hmac.Equal(hmv.Sum(nil), []byte(s0)) {
 				wo.ErrorHandler(ErrWebhookMismatchSignature).ServeHTTP(w, r)
 				return
 			}
 			next.ServeHTTP(w, r)
 		})
 	}, nil
 }
 func extractTimeAndHash(headerValue string) (time string, s0hashB []byte) {
 	lhv := len(headerValue)
 	if lhv == 0 {
 		return "", nil
 	}
 	commaIDX := strings.IndexRune(headerValue, ',')
 	if commaIDX < 1 {
 		return "", nil
 	}
 	time = headerValue[2:commaIDX]
 	if lhv < commaIDX+4 {
 		return "", nil
 	}
 	s0hash := headerValue[commaIDX+4:]
 	s0hashB, _ = hex.DecodeString(s0hash)
 	return time, s0hashB
 }
--- a/webhook_test.go
+++ b/webhook_test.go
@ -0,0 +1,95 @@
 package datatrans
 import (
 	"bytes"
 	"crypto/hmac"
 	"crypto/sha256"
 	"fmt"
 	"net/http"
 	"net/http/httptest"
 	"strings"
 	"testing"
 )
 func must(t *testing.T, err error) {
 	t.Helper()
 	if err != nil {
 		t.Fatalf("%s\n%#v", err, err)
 	}
 }
 func Test_extractTimeAndHash(t *testing.T) {
 	tests := []struct {
 		name        string
 		headerValue string
 		wantTime    string
 		wantS0hash  []byte
 	}{
 		{
 			name:        "ok",
 			headerValue: "t=1559303131511,s0=33819a1220fd8e38fc5bad3f57ef31095fac0deb38c001ba347e694f48ffe2fc",
 			wantTime:    "1559303131511",
 			wantS0hash:  []byte{0x33, 0x81, 0x9a, 0x12, 0x20, 0xfd, 0x8e, 0x38, 0xfc, 0x5b, 0xad, 0x3f, 0x57, 0xef, 0x31, 0x9, 0x5f, 0xac, 0xd, 0xeb, 0x38, 0xc0, 0x1, 0xba, 0x34, 0x7e, 0x69, 0x4f, 0x48, 0xff, 0xe2, 0xfc},
 		},
 		{
 			name:        "empty vals",
 			headerValue: "t=,s0=",
 		},
 		{
 			name: "empty",
 		},
 		{
 			name:        "missing comma",
 			headerValue: "t=1559303131511s0=33",
 		},
 		{
 			name:        "comma begin",
 			headerValue: ",t=1559303131511s0=33",
 		},
 		{
 			name:        "comma end",
 			headerValue: "t=1559303131511s0=33,",
 		},
 		{
 			name:        "comma only",
 			headerValue: ",",
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			gotTime, gotS0hash := extractTimeAndHash(tt.headerValue)
 			if gotTime != tt.wantTime {
 				t.Errorf("extractTimeAndHash() gotTime = %v, want %v", gotTime, tt.wantTime)
 			}
 			if !bytes.Equal(gotS0hash, tt.wantS0hash) {
 				t.Errorf("extractTimeAndHash() gotS0hash = %x, want %x", gotS0hash, tt.wantS0hash)
 			}
 		})
 	}
 }
 func TestValidateWebhook(t *testing.T) {
 	sign2Key := []byte(`asdfasd^%@^&%fa`)
 	const timeStr = `1559303131511`
 	mw, err := ValidateWebhook(WebhookOption{
 		Sign2HMACKey: "617364666173645e25405e26256661",
 	})
 	must(t, err)
 	const datatransBody = `{"transactionId": "210215103042148501"}`
 	r := httptest.NewRequest("POST", "/", strings.NewReader(datatransBody))
 	ht := hmac.New(sha256.New, sign2Key)
 	fmt.Fprintf(ht, "%s%s", timeStr, datatransBody)
 	r.Header.Set("Datatrans-Signature", fmt.Sprintf("t=%s,s0=%x", timeStr, ht.Sum(nil)))
 	w := httptest.NewRecorder()
 	mw(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		fmt.Fprintf(w, "success")
 	})).ServeHTTP(w, r)
 	if w.Body.String() != "success" {
 		t.Error("something is wrong")
 	}
 }