amocrm/internal/tools/verify.go

package tools

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

type Verify struct {
	integrationSecret string
	integrationID     string
}

func NewVerify(integrationSecret, integrationID string) *Verify {
	return &Verify{
		integrationSecret: integrationSecret,
		integrationID:     integrationID,
	}
}

func (v *Verify) VerifySignature(clientUUID, signature string, amoID int) bool {
	expected := v.getSignature(clientUUID, amoID)
	return hmac.Equal([]byte(signature), []byte(expected))
}

func (v *Verify) getSignature(clientUUID string, amoID int) string {
	message := fmt.Sprintf("%s|%d", clientUUID, amoID)
	h := hmac.New(sha256.New, []byte(v.integrationSecret))
	h.Write([]byte(message))
	return hex.EncodeToString(h.Sum(nil))
}

func (v *Verify) CheckIntegrationID(clientUUID string) bool {
	if v.integrationID != clientUUID {
		return false
	}

	return true
}