import (
"crypto/hmac"
"crypto/sha256"
"encoding/base64"
"io/ioutil"
)
func VerifySignature(expectedSig, ts, body string) (string, error) {
signStr := ts + body
key := "<client-secret>"
h := hmac.New(sha256.New, []byte(key))
h.Write([]byte(signStr))
b := h.Sum(nil)
return base64.StdEncoding.EncodeToString(b), nil
}
// usage
timestamp := c.Request().Header.Get("x-webhook-timestamp")
body, _ := ioutil.ReadAll(c.Request().Body)
rawBody := string(body)
signature := c.Request().Header.Get("x-webhook-signature")
VerifySignature(signature, timestamp, rawBody)