signPayloadTest function

SignedPayload signPayloadTest({
  1. required String secret,
  2. required Object body,
  3. String? id,
  4. int? timestampSeconds,
})

Sign body for secret and return the headers a Coffrify webhook would carry. Defaults to the Standard Webhooks v1 format.

final signed = signPayloadTest(
  secret: 'whsec_…',
  body: {'id': 'evt_1', 'type': 'ping', ...},
);
final result = await verifyWebhook(
  secret: 'whsec_…',
  body: signed.body,
  headers: signed.headers,
);
expect(result.valid, isTrue);

Implementation

SignedPayload signPayloadTest({
  required String secret,
  required Object body,
  String? id,
  int? timestampSeconds,
}) {
  final rawBody = body is String ? body : jsonEncode(body);
  final ts = timestampSeconds ??
      DateTime.now().toUtc().millisecondsSinceEpoch ~/ 1000;
  final eventId = id ?? 'msg_test_${ts.toRadixString(16)}';
  final signed = '$eventId.$ts.$rawBody';
  final key = _resolveSecretKey(secret);
  final sig = Hmac(sha256, key).convert(utf8.encode(signed));
  return (
    body: rawBody,
    headers: <String, String>{
      'webhook-id': eventId,
      'webhook-timestamp': '$ts',
      'webhook-signature': 'v1,${base64.encode(sig.bytes)}',
      'content-type': 'application/json',
    },
  );
}