Skip to content

Fix CE-014 - Webhook HMAC signature replay protection#103

Open
emdevelopa wants to merge 1 commit into
Nodus-protocol:mainfrom
emdevelopa:main
Open

Fix CE-014 - Webhook HMAC signature replay protection#103
emdevelopa wants to merge 1 commit into
Nodus-protocol:mainfrom
emdevelopa:main

Conversation

@emdevelopa

@emdevelopa emdevelopa commented Jun 30, 2026

Copy link
Copy Markdown

Pull Request: Fix CE-014 - Webhook HMAC Signature Replay Protection

Description

This PR addresses issue CE-014 where the webhook HMAC signature lacked replay protection and documentation.

Changes

  • Replay Protection: Included a timestamp in the signed payload (t=<unix_ts>\n<body>) to prevent replay attacks.
  • Header Format: Updated the x-nodus-signature header to include the timestamp (t=<timestamp>,v1=<hmac_hex>).
  • Documentation: Added docs/webhooks.md which documents the signature verification steps, header format, signed payload structure, replay tolerance, and provides an example verification code in Python.
  • Tests: Added tests/webhook_tests.rs to verify that signatures with valid timestamps pass, older signatures fail (replay protection), and signatures for tampered bodies fail.

Impact

These changes ensure that interceptors cannot replay intercepted valid webhooks to trigger duplicate actions, enhancing the security of webhook endpoints for receivers.

closes #54

@emdevelopa emdevelopa requested a review from Jaydbrown as a code owner June 30, 2026 23:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[CE-014] webhook.rs outgoing webhooks have no HMAC signature — receiver cannot verify authenticity

1 participant