import crypto from "crypto";
import stringify from "json-stable-stringify";
// Replace these with actual values
const signature = "HEADER FROM X-PromptLayer-Signature"; // From request header
const secretKey = "SECRET KEY FROM PROMPTLAYER DASHBOARD"; // Your webhook secret
const payload = {}; // Replace with actual request body
export function formatPayload(payload) {
const raw = stringify(payload);
const spacedColons = raw.replace(/"([^"]+)"\s*:/g, '"$1": ');
const spaced = spacedColons.replace(/,(?=(?:\s*[\{"\[]))/g, ", ");
return spaced;
}
export function generateSignature(payload, secretKey) {
const normalized = formatPayload(payload);
return crypto
.createHmac("sha256", secretKey)
.update(normalized)
.digest("hex");
}
export function verifySignature(signature, payload, secretKey) {
const expected = generateSignature(payload, secretKey);
try {
return crypto.timingSafeEqual(
Buffer.from(signature, "hex"),
Buffer.from(expected, "hex")
);
} catch {
return false;
}
}
const isValid = verifySignature(signature, payload, secretKey);
console.log("Signature is", isValid ? "valid" : "invalid");