in src/JetBrains.Space.AspNetCore/Experimental/WebHooks/EndpointAuthentication/VerifySigningKeyAuthenticationHandler.cs [32:64]
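/// <summary>
/// Authenticates an incoming webhook request by recomputing its HMAC-SHA256 signature
/// with the configured endpoint signing key and comparing it to the signature header.
/// </summary>
/// <param name="options">Webhook options; only <c>VerifySigningKey</c> is read here.</param>
/// <param name="context">Current HTTP context; the timestamp and signature request headers are read from it.</param>
/// <param name="requestBody">Request body text, signed together with the timestamp header.</param>
/// <param name="payload">Parsed payload; not used by this handler.</param>
/// <returns>
/// A completed task holding <c>true</c> when signing-key verification is not enabled or the
/// signature matches, and <c>false</c> when no signing key is configured or the signature
/// is missing or does not match.
/// </returns>
public Task<bool> AuthenticateRequestAsync(
    SpaceWebHookOptions options,
    HttpContext context,
    string requestBody,
    ApplicationPayload? payload)
{
    var verificationOptions = options.VerifySigningKey;
    if (verificationOptions is not { IsEnabled: true })
    {
        // Options are null or verification is disabled: this handler accepts the request.
        return Task.FromResult(true);
    }

    if (string.IsNullOrEmpty(verificationOptions.EndpointSigningKey))
    {
        // Fail closed: verification is enabled but there is no key to verify with.
        _logger.LogError("Endpoint request validation failed. " + nameof(SpaceWebHookOptions.VerifySigningKey) + " is enabled, but no " + nameof(VerifySigningKeyOptions.EndpointSigningKey) + " is configured");
        return Task.FromResult(false);
    }

    // The signed message is "<timestamp header>:<request body>".
    // Encoding.ASCII replaces any non-ASCII character in the key with '?'.
    var secret = Encoding.ASCII.GetBytes(verificationOptions.EndpointSigningKey);
    var signedContent = Encoding.UTF8.GetBytes(context.Request.Headers[HeaderSpaceTimestamp] + ":" + requestBody);

    // NOTE(review): the timestamp is covered by the HMAC but is not compared against the
    // current time in this method. If no other component enforces a freshness window, a
    // captured request stays valid indefinitely; confirm and add a tolerance check if needed.
    using var hmacSha256 = new HMACSHA256(secret);
    var expectedSignature = ToHexString(hmacSha256.ComputeHash(signedContent));

    // A missing signature header converts to null and is rejected below.
    string? providedSignature = context.Request.Headers[HeaderSpaceSignature];

    // Compare in constant time so the response time does not reveal how many leading
    // characters of a guessed signature were correct. FixedTimeEquals returns false for
    // inputs of different length, which is fine: the expected length is not secret.
    var signatureMatches = providedSignature is not null
        && CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(expectedSignature),
            Encoding.UTF8.GetBytes(providedSignature));

    if (!signatureMatches)
    {
        _logger.LogError("The webhook signature does not match the webhook payload. Make sure the endpoint signing key is configured correctly in your Space organization, and the current application");
        return Task.FromResult(false);
    }

    return Task.FromResult(true);
}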