Closed mr687 closed 2 months ago
The pull request introduces enhancements for securing webhook communications in the application. It adds a command-line flag `--webhook-secret` for users to specify a secret key, updates configuration settings with a new global variable `WhatsappWebhookSecret`, and implements a function to generate HMAC signatures for validating webhook requests. These changes aim to improve the security and integrity of interactions with WhatsApp webhooks.
| File | Change Summary |
|---|---|
| `src/cmd/root.go` | Added a persistent flag `--webhook-secret` for configuring a webhook secret. |
| `src/config/settings.go` | Introduced a global variable `WhatsappWebhookSecret` to store the webhook secret. |
| `src/pkg/whatsapp/whatsapp.go` | Added a function `getMessageDigestOrSignature` to generate HMAC SHA-256 signatures for outgoing webhook requests. |
Hi bang @aldinokemal, can you please approve this PR, as I need this webhook secret for my project. Thanks.
Thanks for your efforts in providing HMAC in the webhook header. I just left some comments. Could you provide a webhook capture?
Oh I missed that, okay I’ve updated the description.
Context
https://github.com/aldinokemal/go-whatsapp-web-multidevice/issues/184
`--webhook-secret="super-secret-key"`
`X-Hub-Signature-256: sha256={signature}` to the target client
Example Usage
Start the WhatsApp service, for example using Docker.
Example webhook content:
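```js
const crypto = require("crypto")
const express = require("express")

const app = express()
const secretKey = "super-secret-key"

// Keep the raw request bytes; this assumes the signature covers the body exactly as sent
app.use(express.json({ verify: (req, res, buf) => { req.rawBody = buf } }))

app.post("/webhook/whatsapp", async (req, res) => {
  // Node.js lowercases incoming header names
  const signature = req.headers["x-hub-signature-256"] || ""

  const expectedHash = crypto.createHmac("sha256", secretKey)
    .update(req.rawBody || "")
    .digest("hex")
  const actualHash = signature.slice("sha256=".length)

  // Constant-time comparison; timingSafeEqual throws on unequal lengths, so check them first
  const expected = Buffer.from(expectedHash)
  const actual = Buffer.from(actualHash)
  const isValidSignature = expected.length === actual.length &&
    crypto.timingSafeEqual(expected, actual)

  if (!isValidSignature) {
    return res.status(400).send("Signature invalid!")
  }

  // DOING SOMETHING GREAT...
  return res.send("ok")
})
```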
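An added example (not part of this PR or the project's code) of checking the `X-Hub-Signature-256: sha256={signature}` header, assuming the signature is an HMAC-SHA256 over the request body bytes as sent. `sign`, `verify` and `demo` are hypothetical names and the payload is constructed; it shows that a body parsed and re-serialized on the receiver no longer matches the signature.

```javascript
const { createHmac, timingSafeEqual } = require("node:crypto")

const PREFIX = "sha256="

// Sender side: header value for a body, in the sha256={signature} format.
function sign(secret, rawBody) {
  return PREFIX + createHmac("sha256", secret).update(rawBody).digest("hex")
}

// Receiver side: check the header against the bytes that actually arrived.
function verify(secret, rawBody, header) {
  if (typeof header !== "string" || !header.startsWith(PREFIX)) return false
  const expected = Buffer.from(sign(secret, rawBody))
  const actual = Buffer.from(header)
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return expected.length === actual.length && timingSafeEqual(expected, actual)
}

// Constructed sample: a sender whose JSON encoder puts a space after ":" and
// escapes "<" as \u003c. Both are valid JSON, but not what JSON.stringify emits.
const secret = "super-secret-key"
const rawBody = Buffer.from('{"from": "constructed-sender", "message": "1 \\u003c 2"}')
const header = sign(secret, rawBody)

// What a receiver holds if it parses the body and serializes it again.
const reserialized = JSON.stringify(JSON.parse(rawBody.toString("utf8")))

function demo() {
  const tamperedBody = Buffer.from(rawBody.toString("utf8").replace("1", "9"))
  return {
    rawBytes: verify(secret, rawBody, header),          // bytes as sent
    reserialized: verify(secret, reserialized, header), // parsed, then stringified
    tampered: verify(secret, tamperedBody, header),     // one digit changed
    wrongSecret: verify("other-key", rawBody, header),
    missingHeader: verify(secret, rawBody, undefined),
    truncated: verify(secret, rawBody, header.slice(0, -2)),
  }
}

console.log(demo())
```

Only the `rawBytes` case verifies; the `reserialized` case fails even though the parsed objects are identical, which is why the receiver should hash the raw request bytes.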