src/modules/validateWebhook.ts

@@ -5,6 +5,7 @@
  */
 import nacl from "tweetnacl";
 import { applicationData } from "../config/applicationData.js";
+import { sendDiscord } from "./discord.js";
 import type { Entitlement } from "../interfaces/entitlement.js";
 import type { FastifyRequest } from "fastify";
 
@@ -20,6 +21,7 @@ export const validateWebhook = (
   const { application_id: applicationId } = request.body;
   const appData = applicationData[applicationId];
   if (appData === undefined) {
+    void sendDiscord(`[NOTIFICATION]: Invalid Application ID`, `Received an entitlement event for an invalid application ID: ${applicationId}`);
     return false;
   }
   const signature = request.headers["x-signature-ed25519"];
@@ -30,9 +32,13 @@ export const validateWebhook = (
     || timestamp === undefined
     || rawBody === undefined
   ) {
+    void sendDiscord(
+      `[NOTIFICATION]: Invalid Webhook Signature`,
+      `Received an entitlement event with a missing signature or timestamp.\nApplication ID: ${applicationId}\nSignature: ${signature}\nTimestamp: ${timestamp}\nRaw Body: ${rawBody}`,
+    );
     return false;
   }
-  return nacl.sign.detached.verify(
+  const isValid = nacl.sign.detached.verify(
     // eslint-disable-next-line @typescript-eslint/restrict-template-expressions -- Being lazy here, tbh.
     Buffer.from(`${timestamp}${rawBody}`),
     Buffer.from(
@@ -43,4 +49,11 @@ export const validateWebhook = (
     ),
     Buffer.from(process.env.DISCORD_PUBLIC_KEY ?? "", "hex"),
   );
+  if (!isValid) {
+    void sendDiscord(
+      `[NOTIFICATION]: Invalid Webhook Signature`,
+      `Received an entitlement event with an invalid signature.\nApplication ID: ${applicationId}\nSignature: ${signature}\nTimestamp: ${timestamp}\nRaw Body: ${rawBody}`,
+    );
+  }
+  return isValid;
 };