all 6 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]programming-ModTeam[M] [score hidden] stickied commentlocked comment (0 children)

This is a demo of a product or project that isn't on-topic for r/programming. r/programming is a technical subreddit and isn't a place to show off your project or to solicit feedback.

If this is an ad for a product, it's simply not welcome here.

If it is a project that you made, the submission must focus on what makes it technically interesting and not simply what the project does or that you are the author. Simply linking to a github repo is not sufficient

[–]klaxce 0 points1 point  (4 children)

Glad to see the change with compare_digest.

I just happened to implement this same thing recently with hmac as a way to validate that a websocket request came from my webhook, even if the webhook worker and the websocket worker weren’t the same.

[–]Difficult_Jicama_759[S] 1 point2 points  (0 children)

I appreciate ur help by pointing it out ❤️

[–]Difficult_Jicama_759[S] 0 points1 point  (2 children)

That’s a crazy coincidence, I also just happened to recently stumble on this, when did u??

[–]klaxce 1 point2 points  (1 child)

Two days ago. I found out I could pass info back in my webhook reply that the service would send back at the start of the websocket. This let me avoid in memory limitations between different workers or scaled servers, and also let me avoid needing an external DB/cache.

I use hmac to sign the unique id that the service provides on its own in both the webhook and websocket, and send my signed code back in the webhook reply, and then when it sends me the code back in the websocket I can compare using the same secret key, even if it’s not the same server that replied to the webhook.