Showcase webhook signature validator

[Simply007]

Motivation

Currently, we have a guide about webhook validation in PHP. It would be nice to have it directly in a sample and README.

Proposed solution

Register a webhook controller which takes webhook secret from environment variables and validates the signature of the request and respond OK (or other dummy result/maybe with a webhhok body) if it is fine, or invalid if the signature does not match.

Additional context

web.php extension

use App\Http\Controllers\WebhookController;

// ... 

Route::post('/webhook', [WebhookController::class, 'index'])->name('webhook');

Controller sample

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;

class WebhookController extends Controller
{

    public function index(Request  $request)
    {
        // load from environment variables
        $secret = 'XYZ';
        $content = $request->getContent();

        $sig_calculated = base64_encode(hash_hmac('sha256', $content, $secret, true));

        $sig_sent = $request->headers->get('x-kc-signature');

        // return some more readable response
        return dd(hash_equals($sig_calculated, $sig_sent));
    }
}

There is a branch to check: https://github.com/Kentico/kontent-sample-app-php/tree/showcase-webhook